Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malwarebytes real-time protections disable themselves

Started by Lyanheart , Feb 23 2017 07:41 AM

  • Please log in to reply

#1
Lyanheart
Posted 23 February 2017 - 07:41 AM

Lyanheart

    Member

  • Member
  • PipPipPip
  • 136 posts

I have not noticed anything else wrong with my system, yet, but for the past week or two my Malwarebytes Premium has been instantly disabling the real-time protections. At startup it gives me the alert that protections are disabled, but every time I re-enabled them they are instantly switched back off. It goes through this routine each time after finishing a scan as well. 

 

Also.. and this seems new.. I cannot copy-paste my FRST documents in this window. Every time I try it freezes the browser (Chrome) and I have to reload the page. The files are attached instead.

 

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by Ryan2011 (administrator) on RYAN2011-PC (23-02-2017 08:23:21)
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
( ) C:\Windows\System32\dlbkcoms.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\GoToAssist: 
Winlogon\Notify\igfxcui: 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Google Update] => C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Dropbox Update] => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Ryan2011\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-22] (Yahoo!, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-12] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-12] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll => No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Flip this) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ryan2011\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-18] (Malwarebytes)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 08:26 - 2017-02-22 08:26 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9FBDE7BD-CC86-434E-964C-B9611DF23F0A}
2017-02-21 10:03 - 2017-02-21 10:03 - 00623947 _____ C:\Users\Ryan2011\Downloads\SonsofAnarchy_v1.3.pdf
2017-02-21 09:47 - 2017-02-21 09:47 - 00074377 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_Pip_Tracker.pdf
2017-02-21 09:39 - 2017-02-21 09:39 - 00937772 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_summary_card_8.8.15.pdf
2017-02-21 08:36 - 2017-02-21 08:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{CE6FA1FF-0354-4FE7-8807-DCB391AFDBF0}
2017-02-21 08:19 - 2017-02-21 08:19 - 00373394 _____ C:\Users\Ryan2011\Downloads\Fresco_Mini_Player's_Aid_with_1st_Expansions_color_v12.pdf
2017-02-21 08:18 - 2017-02-21 08:18 - 00195076 _____ C:\Users\Ryan2011\Downloads\Fresco_tuck_boxes.zip
2017-02-21 08:15 - 2017-02-21 08:15 - 01711452 _____ C:\Users\Ryan2011\Downloads\score_lords_of_vegas.pdf
2017-02-21 07:59 - 2017-02-21 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5867C5B3-5E9C-42DC-AF8C-46D80DFD2E7D}
2017-02-20 15:02 - 2017-02-20 15:02 - 02870058 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#3.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02823584 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#2.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02656630 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#1.pdf
2017-02-20 15:00 - 2017-02-20 15:00 - 01295580 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_-_Solo_Sheet_v1.2.pdf
2017-02-20 14:58 - 2017-02-20 14:58 - 00081427 _____ C:\Users\Ryan2011\Downloads\Snow_Tails.pdf
2017-02-20 14:51 - 2017-02-20 14:51 - 00035485 _____ C:\Users\Ryan2011\Downloads\Leonardo_Summary_v2.pdf
2017-02-20 07:53 - 2017-02-20 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{453F7E38-4DE3-45B8-AFA5-4BD164DD16B0}
2017-02-17 08:37 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-17 08:37 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-17 08:37 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-17 08:37 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-17 08:37 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-17 08:32 - 2017-02-17 08:32 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{EDFDB154-3F6A-4EAD-BBCC-527528767432}
2017-02-16 09:43 - 2017-02-16 09:43 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{53AF8641-6332-466B-8EEB-77DC6AEA9D49}
2017-02-15 08:08 - 2017-02-15 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{305811D2-5A51-4310-93D1-FD09B23BA4AA}
2017-02-14 07:45 - 2017-02-14 07:45 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B328615-BBE9-478F-AE2C-80EDC13C9341}
2017-02-13 08:22 - 2017-02-13 08:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E1502A23-3465-4AE6-9E19-555C5DDF802E}
2017-02-10 10:01 - 2017-02-10 10:01 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{DC10B33D-BAA8-435E-B0D8-628F60D55D54}
2017-02-09 09:52 - 2017-02-09 09:52 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F0224249-23C5-4985-812B-B8F9E94ADB31}
2017-02-08 07:49 - 2017-02-08 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{24399964-FD16-4056-BF8D-15FB47B64FB7}
2017-02-07 17:08 - 2017-02-07 17:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 08:08 - 2017-02-07 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B1D081C-C864-47BB-969C-CAA5FB409757}
2017-02-06 10:01 - 2017-02-06 10:01 - 00003624 _____ C:\Users\Ryan2011\Desktop\jeep CL listing.txt
2017-02-06 08:42 - 2017-02-06 08:42 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD3E7F85-83BD-42D0-99C0-48C2DFEE2155}
2017-02-03 08:08 - 2017-02-03 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{0B889842-372D-4C6F-8034-DB14383728A8}
2017-02-02 08:16 - 2017-02-02 08:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D6E8E988-742A-4E16-9882-8D4244662937}
2017-02-01 08:07 - 2017-02-01 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8B1DD283-AD58-4944-A73B-8C406D8BD47F}
2017-01-31 08:13 - 2017-01-31 08:13 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9E1D4590-DA38-43E0-8441-695635DA5D4D}
2017-01-30 11:25 - 2017-01-30 11:25 - 00242005 _____ C:\Users\Ryan2011\Downloads\Zooloretto_Aid_And_Guide_by_Liumas_non-SDJ_2014-04.pdf
2017-01-30 11:17 - 2017-01-30 11:17 - 13503275 _____ C:\Users\Ryan2011\Downloads\INIS_Victory_Conditions_Player_Aid.zip
2017-01-30 11:17 - 2017-01-30 11:17 - 00199526 _____ C:\Users\Ryan2011\Downloads\Inis_Rules_Clarifications.pdf
2017-01-30 11:16 - 2017-01-30 11:16 - 00045019 _____ C:\Users\Ryan2011\Downloads\Inis_-_Advantage_cards.pdf
2017-01-30 11:14 - 2017-01-30 11:14 - 00265786 _____ C:\Users\Ryan2011\Downloads\Clash_and_Victory_(Inis).pdf
2017-01-30 08:34 - 2017-01-30 08:34 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{88965A44-55E9-4559-9339-62D232A666EE}
2017-01-27 14:08 - 2017-02-18 08:44 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 14:08 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-27 08:30 - 2017-01-27 08:30 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8DEF7470-D0DE-4EB2-BEBF-11BA8B33C4F6}
2017-01-26 08:24 - 2017-01-26 08:24 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9B6981D9-0BC1-449B-BCD0-9A699E73CBBC}
2017-01-25 08:53 - 2017-01-25 08:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{81B0A074-0AE6-48C3-8700-0AFB15735637}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-23 08:23 - 2015-01-12 08:10 - 00000000 ____D C:\Users\Ryan2011\Desktop\Malware
2017-02-23 08:23 - 2013-10-25 10:19 - 00000000 ____D C:\FRST
2017-02-23 07:47 - 2012-03-30 06:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-23 07:25 - 2015-06-18 06:54 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
2017-02-23 03:14 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-23 03:14 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 22:19 - 2011-01-31 16:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2017-02-22 08:39 - 2015-06-18 06:54 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
2017-02-21 10:18 - 2015-02-12 15:18 - 00007891 _____ C:\Windows\BRRBCOM.INI
2017-02-21 10:03 - 2015-04-16 08:19 - 00000000 ____D C:\Users\Ryan2011\Board Game Materials
2017-02-18 08:50 - 2009-07-14 00:13 - 00786472 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-18 08:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-18 08:45 - 2012-02-23 12:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2017-02-18 08:44 - 2015-01-12 08:53 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 08:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-17 08:44 - 2013-08-14 11:02 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 08:38 - 2011-02-01 14:42 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 10:48 - 2011-05-18 06:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 10:48 - 2011-04-05 15:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 10:48 - 2010-09-10 02:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-07 17:09 - 2012-02-23 12:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2017-02-06 14:05 - 2011-05-03 14:11 - 00002398 _____ C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 14:05 - 2011-05-03 14:11 - 00002390 _____ C:\Users\Ryan2011\Desktop\Google Chrome.lnk
2017-01-27 16:59 - 2016-08-26 15:27 - 02486618 ____H C:\Users\Ryan2011\AppData\Local\IconCache.db.backup
2017-01-27 14:08 - 2012-07-10 07:35 - 00000000 ____D C:\ProgramData\Malwarebytes
 
==================== Files in the root of some directories =======
 
2011-02-10 08:36 - 2015-02-12 14:54 - 0043247 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2015-02-16 16:25 - 2015-02-16 16:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1094705206136404530.dll
2015-02-02 16:45 - 2015-02-02 16:45 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1234892122535289437.dll
2015-01-15 12:32 - 2015-01-15 12:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1305930936166307513.dll
2015-03-17 11:46 - 2015-03-17 11:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1477935695088929860.dll
2015-03-05 14:20 - 2015-03-05 14:20 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1662811416759938413.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1750950249220935129.dll
2015-03-16 12:28 - 2015-03-16 12:28 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1922564220394928621.dll
2015-07-03 13:22 - 2015-07-03 13:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2177761085650802410.dll
2015-03-13 12:50 - 2015-03-13 12:50 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2191506039833144355.dll
2014-12-23 13:24 - 2014-12-23 13:24 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2288585704696943160.dll
2014-12-17 09:39 - 2014-12-17 09:39 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2525721115103601977.dll
2015-03-10 13:15 - 2015-03-10 13:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2722276632628636446.dll
2015-03-05 16:06 - 2015-03-05 16:06 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2878454833473033925.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2891692769499953680.dll
2015-03-20 15:17 - 2015-03-20 15:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3316157399891243444.dll
2014-12-30 12:21 - 2014-12-30 12:21 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3322206949888591616.dll
2015-01-26 16:51 - 2015-01-26 16:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll33660760806898945.dll
2015-03-17 10:14 - 2015-03-17 10:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3381574147740508664.dll
2014-12-16 10:54 - 2014-12-16 10:54 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3437955289395833703.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3474294549148471779.dll
2014-12-19 16:30 - 2014-12-19 16:30 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3603963737905416278.dll
2015-06-04 14:01 - 2015-06-04 14:01 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3662528029300492452.dll
2015-01-27 16:26 - 2015-01-27 16:26 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3825244421482017450.dll
2015-03-16 10:22 - 2015-03-16 10:22 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3895602163583237437.dll
2014-12-16 16:05 - 2014-12-16 16:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3904093334795893935.dll
2015-02-10 16:11 - 2015-02-10 16:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4095048430233985691.dll
2015-03-09 15:38 - 2015-03-09 15:38 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4140298760208167055.dll
2014-12-22 11:27 - 2014-12-22 11:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4153732610835489193.dll
2015-03-12 11:39 - 2015-03-12 11:39 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4298542825796865010.dll
2015-03-06 15:53 - 2015-03-06 15:53 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4315774801480525828.dll
2014-12-16 12:48 - 2014-12-16 12:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4410255208328184187.dll
2015-02-26 16:40 - 2015-02-26 16:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4552636519366260074.dll
2015-02-05 13:13 - 2015-02-05 13:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4625050691956842239.dll
2014-12-19 15:11 - 2014-12-19 15:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4694294819641030944.dll
2015-03-03 14:27 - 2015-03-03 14:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4702655533228940733.dll
2015-03-10 11:14 - 2015-03-10 11:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4716270113618199523.dll
2014-12-18 13:40 - 2014-12-18 13:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4826736499762481587.dll
2015-03-05 16:32 - 2015-03-05 16:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4832285719129521726.dll
2015-03-09 14:04 - 2015-03-09 14:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4847538863708923063.dll
2015-05-05 13:17 - 2015-05-05 13:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll489048686388158026.dll
2015-11-16 16:16 - 2015-11-16 16:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4896887928361525872.dll
2014-12-19 11:25 - 2014-12-19 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4921865234840115348.dll
2014-12-18 16:47 - 2014-12-18 16:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4969838681879398182.dll
2015-03-17 12:17 - 2015-03-17 12:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5103841986201854443.dll
2015-01-28 11:32 - 2015-01-28 11:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5116706965581881759.dll
2015-01-08 16:35 - 2015-01-08 16:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5118748150403154592.dll
2014-12-16 14:48 - 2014-12-16 14:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5279013483118320440.dll
2015-01-15 16:43 - 2015-01-15 16:43 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5312093216061575533.dll
2015-03-12 15:15 - 2015-03-12 15:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll535969055310820214.dll
2014-12-19 09:33 - 2014-12-19 09:33 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5423977359307857484.dll
2015-07-13 11:25 - 2015-07-13 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5648395227850570409.dll
2015-03-03 14:11 - 2015-03-03 14:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5736166942877262532.dll
2015-03-17 15:42 - 2015-03-17 15:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5822297053216011186.dll
2015-03-11 09:42 - 2015-03-11 09:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5862354211358584877.dll
2015-03-19 13:06 - 2015-03-19 13:06 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5875523803620366034.dll
2015-02-12 12:01 - 2015-02-12 12:01 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6359087246091873742.dll
2015-03-10 14:57 - 2015-03-10 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6482911067260101565.dll
2015-03-17 15:23 - 2015-03-17 15:23 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6491647763509399306.dll
2015-03-05 11:33 - 2015-03-05 11:33 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6607264816659145917.dll
2015-01-15 15:51 - 2015-01-15 15:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6639412944991037709.dll
2015-06-05 14:30 - 2015-06-05 14:30 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6644692320495610847.dll
2014-12-18 11:22 - 2014-12-18 11:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6919705290121585956.dll
2015-03-11 10:46 - 2015-03-11 10:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6923187167759227639.dll
2015-07-13 11:58 - 2015-07-13 11:58 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7242828299907620013.dll
2015-03-12 14:13 - 2015-03-12 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7258431514270775508.dll
2015-03-24 15:32 - 2015-03-24 15:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7328402643447464546.dll
2014-12-23 10:15 - 2014-12-23 10:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7442992762470252358.dll
2014-12-18 12:04 - 2014-12-18 12:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7466110976157898164.dll
2015-03-10 15:38 - 2015-03-10 15:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7578726702328802301.dll
2015-01-12 16:34 - 2015-01-12 16:34 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7602493315841084887.dll
2014-12-24 10:05 - 2014-12-24 10:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7635361783839240865.dll
2014-12-22 13:16 - 2014-12-22 13:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7962454163710303613.dll
2015-02-05 12:16 - 2015-02-05 12:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8100565711562063502.dll
2015-06-02 12:27 - 2015-06-02 12:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140050600732972187.dll
2015-06-01 15:34 - 2015-06-01 15:34 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140708550198523255.dll
2015-02-24 13:47 - 2015-02-24 13:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8199923551825153713.dll
2015-03-16 15:14 - 2015-03-16 15:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8547915353913272794.dll
2014-12-22 16:17 - 2014-12-22 16:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8654906080847629982.dll
2015-01-15 15:35 - 2015-01-15 15:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8672067265896875017.dll
2015-03-05 13:38 - 2015-03-05 13:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8711881420578433974.dll
2015-02-10 13:36 - 2015-02-10 13:36 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8719657698066397730.dll
2014-12-30 14:13 - 2014-12-30 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll9070848664574764827.dll
2015-03-10 11:11 - 2015-03-10 11:11 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll914193665277928511.dll
2014-12-19 13:49 - 2014-12-19 13:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll970378561671246769.dll
2014-04-10 13:18 - 2015-10-01 11:35 - 0212992 _____ (Sony DADC Austria AG) C:\Users\Ryan2011\AppData\Local\Temp\drm_dyndata_7330014.dll
2015-12-14 08:23 - 2015-12-14 08:23 - 0071168 _____ () C:\Users\Ryan2011\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2dp_r.dll
2014-11-08 03:33 - 2015-04-08 02:24 - 0606208 _____ () C:\Users\Ryan2011\AppData\Local\Temp\Quarantine.exe
2014-11-08 03:47 - 2014-10-17 06:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan2011\AppData\Local\Temp\sqlite3.dll
2006-05-24 12:10 - 2006-05-24 12:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Ryan2011\AppData\Local\Temp\_is98E4.exe
2015-02-12 16:08 - 2006-05-24 12:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Ryan2011\AppData\Local\Temp\_isA746.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 00:06
 
==================== End of FRST.txt ============================

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 23 February 2017 - 07:48 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The hosts file shown in addition.txt is full of garbage so that the file is too long for the forum.

 

Let's have FRST do a quick reset of the hosts file:

 

open notepad.
 
Type:
 
hosts:
 
(hit Enter after the :)
 
File Save As, to the same folder where FRST is, fixlist OK
 
Run FRST (right click and Run as admin) but do not hit SCAN.  Instead hit FIX.  It should reset the hosts file to the default.
 
You will get a fixlog.
 
Run FRST again with addition.txt  checked.  Post the addition.txt file.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

  • 0

#3
Lyanheart
Posted 24 February 2017 - 07:10 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Ryan2011 (24-02-2017 07:58:09) Run:2
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
hosts:
 
*****************
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 07:58:10 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Ryan2011 (administrator) on RYAN2011-PC (24-02-2017 08:01:07)
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
( ) C:\Windows\System32\dlbkcoms.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\GoToAssist: 
Winlogon\Notify\igfxcui: 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Google Update] => C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Dropbox Update] => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Ryan2011\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-22] (Yahoo!, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-12] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-12] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll => No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Flip this) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ryan2011\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-18] (Malwarebytes)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 08:00 - 2017-02-24 08:00 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan2011\Desktop\procexp.exe
2017-02-24 07:59 - 2017-02-24 07:59 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan2011\Downloads\procexp.exe
2017-02-23 11:57 - 2017-02-23 11:57 - 00950201 _____ C:\Users\Ryan2011\Downloads\Sons_of_anarchy_box (1).pdf
2017-02-23 10:27 - 2017-02-23 10:27 - 01340951 _____ C:\Users\Ryan2011\Downloads\SoA-Tuckbox.pdf
2017-02-23 10:27 - 2017-02-23 10:27 - 00950201 _____ C:\Users\Ryan2011\Downloads\Sons_of_anarchy_box.pdf
2017-02-23 10:23 - 2017-02-23 10:23 - 00404435 _____ C:\Users\Ryan2011\Downloads\santorini-insert-plan.pdf
2017-02-23 08:57 - 2017-02-23 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD4DE5E0-E769-4905-8F97-1F0317231C2D}
2017-02-22 08:26 - 2017-02-22 08:26 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9FBDE7BD-CC86-434E-964C-B9611DF23F0A}
2017-02-21 10:03 - 2017-02-21 10:03 - 00623947 _____ C:\Users\Ryan2011\Downloads\SonsofAnarchy_v1.3.pdf
2017-02-21 09:47 - 2017-02-21 09:47 - 00074377 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_Pip_Tracker.pdf
2017-02-21 09:39 - 2017-02-21 09:39 - 00937772 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_summary_card_8.8.15.pdf
2017-02-21 08:36 - 2017-02-21 08:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{CE6FA1FF-0354-4FE7-8807-DCB391AFDBF0}
2017-02-21 08:19 - 2017-02-21 08:19 - 00373394 _____ C:\Users\Ryan2011\Downloads\Fresco_Mini_Player's_Aid_with_1st_Expansions_color_v12.pdf
2017-02-21 08:18 - 2017-02-21 08:18 - 00195076 _____ C:\Users\Ryan2011\Downloads\Fresco_tuck_boxes.zip
2017-02-21 08:15 - 2017-02-21 08:15 - 01711452 _____ C:\Users\Ryan2011\Downloads\score_lords_of_vegas.pdf
2017-02-21 07:59 - 2017-02-21 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5867C5B3-5E9C-42DC-AF8C-46D80DFD2E7D}
2017-02-20 15:02 - 2017-02-20 15:02 - 02870058 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#3.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02823584 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#2.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02656630 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#1.pdf
2017-02-20 15:00 - 2017-02-20 15:00 - 01295580 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_-_Solo_Sheet_v1.2.pdf
2017-02-20 14:58 - 2017-02-20 14:58 - 00081427 _____ C:\Users\Ryan2011\Downloads\Snow_Tails.pdf
2017-02-20 14:51 - 2017-02-20 14:51 - 00035485 _____ C:\Users\Ryan2011\Downloads\Leonardo_Summary_v2.pdf
2017-02-20 07:53 - 2017-02-20 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{453F7E38-4DE3-45B8-AFA5-4BD164DD16B0}
2017-02-17 08:37 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-17 08:37 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-17 08:37 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-17 08:37 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-17 08:37 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-17 08:32 - 2017-02-17 08:32 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{EDFDB154-3F6A-4EAD-BBCC-527528767432}
2017-02-16 09:43 - 2017-02-16 09:43 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{53AF8641-6332-466B-8EEB-77DC6AEA9D49}
2017-02-15 08:08 - 2017-02-15 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{305811D2-5A51-4310-93D1-FD09B23BA4AA}
2017-02-14 07:45 - 2017-02-14 07:45 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B328615-BBE9-478F-AE2C-80EDC13C9341}
2017-02-13 08:22 - 2017-02-13 08:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E1502A23-3465-4AE6-9E19-555C5DDF802E}
2017-02-10 10:01 - 2017-02-10 10:01 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{DC10B33D-BAA8-435E-B0D8-628F60D55D54}
2017-02-09 09:52 - 2017-02-09 09:52 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F0224249-23C5-4985-812B-B8F9E94ADB31}
2017-02-08 07:49 - 2017-02-08 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{24399964-FD16-4056-BF8D-15FB47B64FB7}
2017-02-07 17:08 - 2017-02-07 17:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 08:08 - 2017-02-07 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B1D081C-C864-47BB-969C-CAA5FB409757}
2017-02-06 10:01 - 2017-02-06 10:01 - 00003624 _____ C:\Users\Ryan2011\Desktop\jeep CL listing.txt
2017-02-06 08:42 - 2017-02-06 08:42 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD3E7F85-83BD-42D0-99C0-48C2DFEE2155}
2017-02-03 08:08 - 2017-02-03 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{0B889842-372D-4C6F-8034-DB14383728A8}
2017-02-02 08:16 - 2017-02-02 08:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D6E8E988-742A-4E16-9882-8D4244662937}
2017-02-01 08:07 - 2017-02-01 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8B1DD283-AD58-4944-A73B-8C406D8BD47F}
2017-01-31 08:13 - 2017-01-31 08:13 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9E1D4590-DA38-43E0-8441-695635DA5D4D}
2017-01-30 11:25 - 2017-01-30 11:25 - 00242005 _____ C:\Users\Ryan2011\Downloads\Zooloretto_Aid_And_Guide_by_Liumas_non-SDJ_2014-04.pdf
2017-01-30 11:17 - 2017-01-30 11:17 - 13503275 _____ C:\Users\Ryan2011\Downloads\INIS_Victory_Conditions_Player_Aid.zip
2017-01-30 11:17 - 2017-01-30 11:17 - 00199526 _____ C:\Users\Ryan2011\Downloads\Inis_Rules_Clarifications.pdf
2017-01-30 11:16 - 2017-01-30 11:16 - 00045019 _____ C:\Users\Ryan2011\Downloads\Inis_-_Advantage_cards.pdf
2017-01-30 11:14 - 2017-01-30 11:14 - 00265786 _____ C:\Users\Ryan2011\Downloads\Clash_and_Victory_(Inis).pdf
2017-01-30 08:34 - 2017-01-30 08:34 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{88965A44-55E9-4559-9339-62D232A666EE}
2017-01-27 14:08 - 2017-02-18 08:44 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 14:08 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-27 08:30 - 2017-01-27 08:30 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8DEF7470-D0DE-4EB2-BEBF-11BA8B33C4F6}
2017-01-26 08:24 - 2017-01-26 08:24 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9B6981D9-0BC1-449B-BCD0-9A699E73CBBC}
2017-01-25 08:53 - 2017-01-25 08:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{81B0A074-0AE6-48C3-8700-0AFB15735637}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 08:01 - 2013-10-25 10:19 - 00000000 ____D C:\FRST
2017-02-24 07:58 - 2015-01-12 08:10 - 00000000 ____D C:\Users\Ryan2011\Desktop\Malware
2017-02-24 07:47 - 2012-03-30 06:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-24 07:25 - 2015-06-18 06:54 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
2017-02-24 03:06 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 03:06 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-23 23:47 - 2011-01-31 16:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2017-02-23 12:02 - 2015-02-12 15:18 - 00007891 _____ C:\Windows\BRRBCOM.INI
2017-02-23 11:57 - 2015-04-16 08:19 - 00000000 ____D C:\Users\Ryan2011\Board Game Materials
2017-02-23 08:38 - 2015-06-18 06:54 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
2017-02-18 08:50 - 2009-07-14 00:13 - 00786472 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-18 08:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-18 08:45 - 2012-02-23 12:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2017-02-18 08:44 - 2015-01-12 08:53 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 08:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-17 08:44 - 2013-08-14 11:02 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 08:38 - 2011-02-01 14:42 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 10:48 - 2011-05-18 06:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 10:48 - 2011-04-05 15:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 10:48 - 2010-09-10 02:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-07 17:09 - 2012-02-23 12:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2017-02-06 14:05 - 2011-05-03 14:11 - 00002398 _____ C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 14:05 - 2011-05-03 14:11 - 00002390 _____ C:\Users\Ryan2011\Desktop\Google Chrome.lnk
2017-01-27 16:59 - 2016-08-26 15:27 - 02486618 ____H C:\Users\Ryan2011\AppData\Local\IconCache.db.backup
2017-01-27 14:08 - 2012-07-10 07:35 - 00000000 ____D C:\ProgramData\Malwarebytes
 
==================== Files in the root of some directories =======
 
2011-02-10 08:36 - 2015-02-12 14:54 - 0043247 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2015-02-16 16:25 - 2015-02-16 16:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1094705206136404530.dll
2015-02-02 16:45 - 2015-02-02 16:45 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1234892122535289437.dll
2015-01-15 12:32 - 2015-01-15 12:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1305930936166307513.dll
2015-03-17 11:46 - 2015-03-17 11:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1477935695088929860.dll
2015-03-05 14:20 - 2015-03-05 14:20 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1662811416759938413.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1750950249220935129.dll
2015-03-16 12:28 - 2015-03-16 12:28 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1922564220394928621.dll
2015-07-03 13:22 - 2015-07-03 13:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2177761085650802410.dll
2015-03-13 12:50 - 2015-03-13 12:50 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2191506039833144355.dll
2014-12-23 13:24 - 2014-12-23 13:24 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2288585704696943160.dll
2014-12-17 09:39 - 2014-12-17 09:39 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2525721115103601977.dll
2015-03-10 13:15 - 2015-03-10 13:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2722276632628636446.dll
2015-03-05 16:06 - 2015-03-05 16:06 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2878454833473033925.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2891692769499953680.dll
2015-03-20 15:17 - 2015-03-20 15:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3316157399891243444.dll
2014-12-30 12:21 - 2014-12-30 12:21 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3322206949888591616.dll
2015-01-26 16:51 - 2015-01-26 16:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll33660760806898945.dll
2015-03-17 10:14 - 2015-03-17 10:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3381574147740508664.dll
2014-12-16 10:54 - 2014-12-16 10:54 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3437955289395833703.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3474294549148471779.dll
2014-12-19 16:30 - 2014-12-19 16:30 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3603963737905416278.dll
2015-06-04 14:01 - 2015-06-04 14:01 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3662528029300492452.dll
2015-01-27 16:26 - 2015-01-27 16:26 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3825244421482017450.dll
2015-03-16 10:22 - 2015-03-16 10:22 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3895602163583237437.dll
2014-12-16 16:05 - 2014-12-16 16:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3904093334795893935.dll
2015-02-10 16:11 - 2015-02-10 16:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4095048430233985691.dll
2015-03-09 15:38 - 2015-03-09 15:38 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4140298760208167055.dll
2014-12-22 11:27 - 2014-12-22 11:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4153732610835489193.dll
2015-03-12 11:39 - 2015-03-12 11:39 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4298542825796865010.dll
2015-03-06 15:53 - 2015-03-06 15:53 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4315774801480525828.dll
2014-12-16 12:48 - 2014-12-16 12:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4410255208328184187.dll
2015-02-26 16:40 - 2015-02-26 16:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4552636519366260074.dll
2015-02-05 13:13 - 2015-02-05 13:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4625050691956842239.dll
2014-12-19 15:11 - 2014-12-19 15:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4694294819641030944.dll
2015-03-03 14:27 - 2015-03-03 14:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4702655533228940733.dll
2015-03-10 11:14 - 2015-03-10 11:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4716270113618199523.dll
2014-12-18 13:40 - 2014-12-18 13:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4826736499762481587.dll
2015-03-05 16:32 - 2015-03-05 16:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4832285719129521726.dll
2015-03-09 14:04 - 2015-03-09 14:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4847538863708923063.dll
2015-05-05 13:17 - 2015-05-05 13:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll489048686388158026.dll
2015-11-16 16:16 - 2015-11-16 16:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4896887928361525872.dll
2014-12-19 11:25 - 2014-12-19 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4921865234840115348.dll
2014-12-18 16:47 - 2014-12-18 16:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4969838681879398182.dll
2015-03-17 12:17 - 2015-03-17 12:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5103841986201854443.dll
2015-01-28 11:32 - 2015-01-28 11:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5116706965581881759.dll
2015-01-08 16:35 - 2015-01-08 16:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5118748150403154592.dll
2014-12-16 14:48 - 2014-12-16 14:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5279013483118320440.dll
2015-01-15 16:43 - 2015-01-15 16:43 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5312093216061575533.dll
2015-03-12 15:15 - 2015-03-12 15:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll535969055310820214.dll
2014-12-19 09:33 - 2014-12-19 09:33 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5423977359307857484.dll
2015-07-13 11:25 - 2015-07-13 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5648395227850570409.dll
2015-03-03 14:11 - 2015-03-03 14:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5736166942877262532.dll
2015-03-17 15:42 - 2015-03-17 15:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5822297053216011186.dll
2015-03-11 09:42 - 2015-03-11 09:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5862354211358584877.dll
2015-03-19 13:06 - 2015-03-19 13:06 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5875523803620366034.dll
2015-02-12 12:01 - 2015-02-12 12:01 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6359087246091873742.dll
2015-03-10 14:57 - 2015-03-10 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6482911067260101565.dll
2015-03-17 15:23 - 2015-03-17 15:23 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6491647763509399306.dll
2015-03-05 11:33 - 2015-03-05 11:33 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6607264816659145917.dll
2015-01-15 15:51 - 2015-01-15 15:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6639412944991037709.dll
2015-06-05 14:30 - 2015-06-05 14:30 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6644692320495610847.dll
2014-12-18 11:22 - 2014-12-18 11:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6919705290121585956.dll
2015-03-11 10:46 - 2015-03-11 10:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6923187167759227639.dll
2015-07-13 11:58 - 2015-07-13 11:58 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7242828299907620013.dll
2015-03-12 14:13 - 2015-03-12 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7258431514270775508.dll
2015-03-24 15:32 - 2015-03-24 15:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7328402643447464546.dll
2014-12-23 10:15 - 2014-12-23 10:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7442992762470252358.dll
2014-12-18 12:04 - 2014-12-18 12:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7466110976157898164.dll
2015-03-10 15:38 - 2015-03-10 15:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7578726702328802301.dll
2015-01-12 16:34 - 2015-01-12 16:34 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7602493315841084887.dll
2014-12-24 10:05 - 2014-12-24 10:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7635361783839240865.dll
2014-12-22 13:16 - 2014-12-22 13:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7962454163710303613.dll
2015-02-05 12:16 - 2015-02-05 12:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8100565711562063502.dll
2015-06-02 12:27 - 2015-06-02 12:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140050600732972187.dll
2015-06-01 15:34 - 2015-06-01 15:34 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140708550198523255.dll
2015-02-24 13:47 - 2015-02-24 13:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8199923551825153713.dll
2015-03-16 15:14 - 2015-03-16 15:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8547915353913272794.dll
2014-12-22 16:17 - 2014-12-22 16:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8654906080847629982.dll
2015-01-15 15:35 - 2015-01-15 15:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8672067265896875017.dll
2015-03-05 13:38 - 2015-03-05 13:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8711881420578433974.dll
2015-02-10 13:36 - 2015-02-10 13:36 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8719657698066397730.dll
2014-12-30 14:13 - 2014-12-30 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll9070848664574764827.dll
2015-03-10 11:11 - 2015-03-10 11:11 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll914193665277928511.dll
2014-12-19 13:49 - 2014-12-19 13:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll970378561671246769.dll
2014-04-10 13:18 - 2015-10-01 11:35 - 0212992 _____ (Sony DADC Austria AG) C:\Users\Ryan2011\AppData\Local\Temp\drm_dyndata_7330014.dll
2015-12-14 08:23 - 2015-12-14 08:23 - 0071168 _____ () C:\Users\Ryan2011\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2dp_r.dll
2014-11-08 03:33 - 2015-04-08 02:24 - 0606208 _____ () C:\Users\Ryan2011\AppData\Local\Temp\Quarantine.exe
2014-11-08 03:47 - 2014-10-17 06:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan2011\AppData\Local\Temp\sqlite3.dll
2006-05-24 12:10 - 2006-05-24 12:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Ryan2011\AppData\Local\Temp\_is98E4.exe
2015-02-12 16:08 - 2006-05-24 12:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Ryan2011\AppData\Local\Temp\_isA746.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 00:06
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Ryan2011 (24-02-2017 08:01:55)
Running from C:\Users\Ryan2011\Desktop\Malware
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-31 17:32:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1237553287-1429794397-2156527687-500 - Administrator - Disabled)
Guest (S-1-5-21-1237553287-1429794397-2156527687-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1237553287-1429794397-2156527687-1008 - Limited - Enabled)
Ryan2011 (S-1-5-21-1237553287-1429794397-2156527687-1000 - Administrator - Enabled) => C:\Users\Ryan2011
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version:  - A-PDF Solution)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Carcassonne (HKLM-x32\...\{8033CA80-B44F-40F9-8D0A-957211442C19}) (Version: 1.0 - Deep Silver)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CutList Plus Express (HKLM-x32\...\{29C0946B-850E-4E9A-8DE3-AFB7109CC86C}) (Version: 1.1.3 - Bridgewood Design)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
Dominion (HKLM-x32\...\Dominion) (Version: 2.00.47.11 - MakingFun)
Dropbox (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
FastImageResizer (remove only) (HKLM-x32\...\FastImageResizer) (Version:  - )
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
Gametel Configuration Tool 64-bit (HKLM\...\{7B83120F-92B3-45D7-A3A6-B034EF7AC5A9}) (Version: 1.2.1.0 - Fructel AB)
Google Chrome (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Casino (HKLM-x32\...\{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}) (Version: 1.0.0 - Encore)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Informatik (HKLM-x32\...\Informatik_is1) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Magic Online (HKLM-x32\...\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}) (Version: 3.00.0000 - Wizards of the Coast)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mansions of Madness (HKLM\...\Steam App 478980) (Version:  - Fantasy Flight Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\{4a461520-05cf-4df1-8957-844b4a811ff4}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Palace of Chance (HKLM-x32\...\{f51a5449-9174-4e90-a0b2-bd67e0a9a87e}) (Version: 12.0.0 - RealTimeGaming Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SCARM 0.9.24 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.24 - Milen Peev)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Small World 2 (HKLM-x32\...\Steam App 235620) (Version:  - Days of Wonder)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strange Eons 3745 (HKLM\...\0581-5195-2362-0248) (Version: 3745 - Christopher G. Jennings)
Talisman: Prologue (HKLM-x32\...\Steam App 258200) (Version:  - )
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version:  - Days of Wonder)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
Unity Web Player (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Virtual Pool 3 DL (HKLM-x32\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 3 Preview (HKLM-x32\...\{70E9BAF7-FCAF-465D-AF60-7C25F68D015C}) (Version: 3.2.3.9 - Celeris)
Virtual Pool 4 Demo (HKLM-x32\...\{76EA761E-E91A-4715-8511-12B7707E53BF}) (Version: 4.1.1.7 - Celeris)
Visual Pinball VPInstaller 1.0.3 (HKLM-x32\...\Visual Pinball) (Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Volume Activation Management Tool 2.0 (HKLM-x32\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Fructel AB (usbser) Ports  (11/04/2011 1.0.0.0) (HKLM\...\CD721827CE36C3AEAB693B6DFF32C57AC19F2425) (Version: 11/04/2011 1.0.0.0 - Fructel AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo Messenger (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\yahoomessenger) (Version: 0.8.269 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\ChromeHTML: -> C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{799ff11c-a966-4c28-b7c4-b7d0ed801240}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{dd0949d3-a983-45b9-ad90-679bc855b724}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11B44973-C307-410E-B060-BC52D00099B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {64506389-48FD-4A6D-B4D1-13ED5817E66E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {757CC069-530F-4A09-95CD-861F832C0212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7F2810AD-1DC0-460F-BE58-B542A4D14CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {B79D8C7E-C15B-4956-AE46-57EC93BB4A2B} - System32\Tasks\{8772C729-F57A-4E77-92C9-867937DB8FBC} => pcalua.exe -a "C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4DH6KQR\converter[1].exe" -d C:\Users\Ryan2011\Desktop
Task: {CD96F50D-D4B2-4040-B732-45D70ECF4195} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {E956ACFD-B423-47F8-8B1D-BFE24FF7D8EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {ECC21FC9-D70C-4F41-91D8-C96DFC8A8B50} - System32\Tasks\{730F5265-3543-43CD-B456-02F5030351B3} => C:\Program Files (x86)\Visual Pinball\VPinball_9_0_2.exe [2009-02-09] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-02-02 10:40 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-02-01 14:35 - 2007-02-28 08:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-07-02 16:12 - 2012-07-02 16:12 - 00021432 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2013-11-12 11:26 - 2013-11-12 11:26 - 00115137 _____ () C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-02-07 17:08 - 2017-02-06 23:48 - 00801600 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2015-12-14 08:26 - 2017-01-13 18:53 - 00035792 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00100296 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00018888 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00019776 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00694224 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00020824 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 08:26 - 2017-01-13 18:54 - 00123856 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01682768 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00020816 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00145864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-02-07 17:08 - 2017-01-13 18:54 - 00019408 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00116688 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 08:26 - 2017-01-13 18:56 - 00105928 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00022864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00052544 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00038712 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00392144 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-02-07 17:08 - 2017-01-13 18:56 - 00020936 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00024528 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00116176 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00381760 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00124880 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00026456 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00024016 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00175560 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00030160 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00043472 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00048592 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00057808 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00024016 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00246608 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00027488 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 14:18 - 2017-01-13 18:55 - 00241104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00022336 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00028616 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01826104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 08:26 - 2017-01-13 18:54 - 00083912 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\sip.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01972536 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 03928896 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00531264 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00025432 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00133432 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00224064 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00207680 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00021840 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00022872 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00021848 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00022872 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00350152 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 16:01 - 2017-02-06 23:50 - 00023896 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00025936 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-02-07 17:08 - 2017-01-13 18:51 - 00036296 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\librsync.dll
2017-02-07 17:08 - 2017-02-06 23:50 - 00084288 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-07 17:08 - 2017-01-13 19:02 - 00017864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-02-07 17:08 - 2017-01-13 19:02 - 01631184 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-02-07 17:08 - 2017-02-06 23:50 - 00042816 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00171336 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00357688 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00060880 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00026456 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00546104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-02-12 16:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-08-08 14:10 - 2016-08-08 14:10 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2010-09-10 02:49 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-02-06 14:05 - 2017-02-01 04:01 - 01870168 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 14:05 - 2017-02-01 04:01 - 00085848 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7907 more sites.
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\foragentsonly.com -> foragentsonly.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123simsen.com -> www.123simsen.com
 
There are 7907 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-02-24 07:58 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan2011\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F859B18D-11B4-47A0-98AF-6CBF61886FDB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{EB4D2780-8883-4487-A163-5C2131EAA1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{706C019A-2431-4162-9BE9-3D95F25C8A0B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B309CC84-66C2-4C1F-8B0A-E7AB183731EC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{78BBEBB9-98AA-4E78-8D46-EC7EAF903828}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3437AB37-5A67-409F-98F0-B61BEF40A4C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C838C23-32AC-4619-86BB-1DB626541975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{25D253B2-BC06-4D73-A7F3-48712F166FF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{E8FA111B-E1AF-425A-B972-E46846F3F7E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6C7B2DD2-4B1C-4DC4-B3AB-39EAFF52A5A7}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [UDP Query User{07157617-7AA8-4622-B84F-2D8947BACD07}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [{5863A6E2-0C37-4502-BADB-F939EB468D5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ABC21109-BD1E-4626-A1F6-28A4BB8A8777}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{511A2E9D-8654-47EB-8EEF-C36E8B3F935B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{205DE729-8951-44CA-A00B-1F6F3BF3D44D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{DE05B080-623A-4848-8845-8660795299CF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{95EE5139-0793-4277-B0A1-87D7CD0CBDC9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{A75C42EA-3872-4AE8-AB11-4EBAFC36B12A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{0FB0D458-2F27-4D39-9678-02304DD1733A}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8D858DBB-F379-4190-9CC0-09C6F936B260}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{97DDF85E-6573-4675-AC52-CDCA0A1CD552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [{E72A7AFA-C105-4A25-BE5E-053EDA3E0A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [TCP Query User{3FA02E10-686E-4CFA-8898-496B88373867}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [UDP Query User{2E96CC84-3BBF-4F2E-AA8A-39871170E0BF}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [TCP Query User{ED39554A-1E4B-4FCC-AF98-972C6A2A1346}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [UDP Query User{C12A1365-EF38-446B-8DF1-717F1CAED693}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [{E6D07D41-F769-4575-ABA6-7AB9A923C059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{8682DD35-F884-4BB5-93BC-792A4913AC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{AFA8A48F-97B8-470B-85C7-6F550C2E6437}] => (Allow) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-01-2017 14:16:35 Scheduled Checkpoint
26-01-2017 00:00:04 Scheduled Checkpoint
03-02-2017 00:00:03 Scheduled Checkpoint
13-02-2017 14:11:29 Scheduled Checkpoint
17-02-2017 08:37:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2017 06:16:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/23/2017 11:46:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/22/2017 04:30:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/22/2017 09:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18538, time stamp: 0x58274b59
Faulting module name: IEFRAME.dll, version: 11.0.9600.18538, time stamp: 0x582753cc
Exception code: 0xc0000005
Fault offset: 0x000000000026b83b
Faulting process id: 0xfec
Faulting application start time: 0x01d28d13a9fa4d64
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\IEFRAME.dll
Report Id: 6834a177-f908-11e6-92fa-000acd21436e
 
Error: (02/21/2017 09:48:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/21/2017 02:26:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/20/2017 07:18:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/19/2017 12:19:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/18/2017 05:32:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (02/18/2017 09:30:18 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
 
System errors:
=============
Error: (02/23/2017 08:16:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (02/18/2017 08:47:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error: 
The specified module could not be found.
 
Error: (02/18/2017 08:45:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/17/2017 10:00:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error: 
The specified module could not be found.
 
Error: (02/17/2017 10:00:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/13/2017 08:23:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error: 
The specified module could not be found.
 
Error: (02/13/2017 08:22:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.
 
Error: (02/13/2017 08:20:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/06/2017 08:26:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error: 
The specified module could not be found.
 
Error: (02/06/2017 08:26:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.
 
 
CodeIntegrity:
===================================
  Date: 2013-11-04 16:43:34.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:43:34.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:43:34.187
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:43:34.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:05:22.392
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:05:22.189
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:05:21.986
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-04 16:05:21.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 11:50:27.955
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-01 11:50:27.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 4060.98 MB
Available physical RAM: 1742.77 MB
Total Virtual: 8120.15 MB
Available Virtual: 5483.66 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:302.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 85.76 0 K 24 K 0
procexp64.exe 4.15 26,376 K 48,180 K 1672 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
TeaTimer.exe 2.19 54,716 K 51,868 K 2400 System settings protector Safer-Networking Ltd. (No signature was present in the subject) Safer-Networking Ltd.
dwm.exe 1.08 71,656 K 46,456 K 1800 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.78 0 K 0 K n/a Hardware Interrupts and DPCs
KiesPDLR.exe 0.66 30,200 K 24,536 K 2620 KiesPDLR (Verified) Samsung Electronics CO.
chrome.exe 0.44 64,584 K 83,608 K 2456 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.37 3,120 K 35,472 K 512 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.36 264 K 6,396 K 4
Dropbox.exe 0.26 144,060 K 114,692 K 3856 Dropbox Dropbox, Inc. (Verified) Dropbox
MBAMService.exe 0.21 393,780 K 362,848 K 1920 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
Kies.exe 0.15 25,688 K 20,264 K 2432 Kies Samsung (Verified) Samsung Electronics CO.
svchost.exe 0.12 8,052 K 12,180 K 1988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.09 51,784 K 64,852 K 1848 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
PlexScriptHost.exe 0.07 29,908 K 29,040 K 3848 Python Python Software Foundation (Verified) Plex
chrome.exe 0.06 67,232 K 128,428 K 4592 Google Chrome Google Inc. (Verified) Google Inc
PlexDlnaServer.exe 0.03 18,864 K 21,228 K 4336 Plex Media Server DLNA Service Plex, Inc. (Verified) Plex
svchost.exe 0.02 19,184 K 19,276 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.02 23,652 K 16,132 K 2760 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 20,996 K 19,908 K 892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 12,032 K 13,948 K 3224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 7,752 K 11,044 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 54,736 K 58,436 K 1012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
BrYNSvc.exe 0.01 4,024 K 7,568 K 3684 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
Plex Media Server.exe 0.01 21,264 K 16,900 K 2808 Plex Media Server Plex, Inc. (Verified) Plex
svchost.exe < 0.01 3,568 K 6,368 K 2328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 16,228 K 20,032 K 1732 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
PDFProFiltSrvPP.exe < 0.01 1,320 K 3,600 K 1628 PDFPro IFilter Service Nuance Communications, Inc. (Verified) Nuance Communications
svchost.exe < 0.01 21,572 K 23,336 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 7,072 K 10,856 K 1288 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
csrss.exe < 0.01 2,536 K 4,336 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 53,760 K 33,992 K 1164 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 24,520 K 15,828 K 3588 IAStorIcon Intel Corporation (Verified) Intel Corporation
svchost.exe < 0.01 149,912 K 148,912 K 940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
KiesTrayAgent.exe < 0.01 9,392 K 13,468 K 3620 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
WUDFHost.exe 2,112 K 3,752 K 2664 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 1,924 K 6,716 K 5316 Windows Update Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 12,476 K 13,384 K 3296 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,636 K 6,440 K 3160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,196 K 2,656 K 1612 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 2,696 K 5,256 K 564 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,484 K 3,856 K 496 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 5,948 K 12,008 K 4172 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 6,256 K 7,640 K 5576 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,336 K 9,176 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,936 K 8,952 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,312 K 8,664 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,152 K 3,168 K 1576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,136 K 3,172 K 1900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,932 K 5,336 K 424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,532 K 11,752 K 1420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 14,408 K 18,320 K 1188 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 448 K 1,060 K 300 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,104 K 7,884 K 600 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 8,172 K 6,964 K 2448 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,468 K 7,640 K 6100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
pptd40nt.exe 1,484 K 4,056 K 3892 PaperPort Print to Desktop for NT Nuance Communications, Inc. (Verified) Nuance Communications
pdfPro5Hook.exe 1,544 K 4,584 K 3936 PdfCreateHook Application Nuance Communications, Inc. (Verified) Nuance Communications
mbamtray.exe 20,232 K 26,304 K 2128 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 2,572 K 4,024 K 632 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 11,064 K 17,068 K 616 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
ISUSPM.exe 3,172 K 8,112 K 1008 Acresso Software Manager Acresso Corporation (Verified) Acresso Software Inc.
igfxpers.exe 2,716 K 7,160 K 1476 persistence Module Intel Corporation (Verified) Intel Corporation
hkcmd.exe 2,888 K 8,248 K 3044 hkcmd Module Intel Corporation (Verified) Intel Corporation
dllhost.exe 2,008 K 5,884 K 6932 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,360 K 6,516 K 4584 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dlbkcoms.exe 1,492 K 3,808 K 1444 Printer Communication System (Verified) Dell Inc.
conhost.exe 1,456 K 3,860 K 4000 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 25,084 K 30,668 K 6348 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 68,700 K 63,296 K 3660 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,652 K 7,824 K 6852 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,740 K 9,084 K 3836 Google Chrome Google Inc. (Verified) Google Inc
BrStMonW.exe 202,928 K 122,300 K 4052 Status Monitor Application Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
BrCtrlCntr.exe 3,248 K 9,856 K 3408 ControlCenter Main Process Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
BrCcUxSys.exe 1,724 K 5,836 K 2868 ControlCenter UX System Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
 
 

  • 0

#4
RKinner
Posted 24 February 2017 - 08:01 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Uninstall:

 

Spybot - Search & Destroy  (remove any immunizations it has done)

Java 7 Update 13 

Java 7 Update 45 
Java™ 6 Update 20 
Java™ 6 Update 31 
JavaFX 2.1.1 
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 

**************************

 

start the control panel (View by, Large icons) and click Action Center > Change Action Center settings.
 
Click Customer Experience Improvement Program settings.
 
Select No, I don't want to participate in the program and click Save changes.
 
Start the control panel and click Administrative Tools > Task Scheduler.
 
In the Task Scheduler (Local) pane of the Task Scheduler dialog box, expand the Task Scheduler Library > Microsoft > Windows nodes and open the Application Experience folder.
 
Disable the AITAgent and ProgramDataUpdater tasks.
 
In the Task Scheduler Library > Microsoft > Windows node, open the Customer Experience Improvement Program folder.
 
Disable the Consolidator, KernelCEIPTask, and Use CEIP tasks.
 
*********************
(Start), Devices and Printers.  Locate the Photosmart D110 printer, right click and Remove Device.
 
****************** 
Search for:
 
services.msc
 
hit Enter
 
Scroll down until you find:
 
HP Network Devices Support service 
 
Right click and select Properties then change the Startup Type: to Disabled.  OK.  Close the Services window.
 
*******************
 
 
Download the attached fixlist.txt to the same location as FRST
 
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 

  • 0

#5
Lyanheart
Posted 24 February 2017 - 09:46 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Thanks for the support. Just about to run the FRST fix and will post results. 

 

The only thing I could not do was delete the D110 HP printer. It does not appear in my devices. It has been several years since I have had that printer.


  • 0

#6
RKinner
Posted 24 February 2017 - 10:09 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

OK.  It's still in there somewhere.  Perhaps in device manager:

 

Right click on Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.


  • 0

#7
Lyanheart
Posted 24 February 2017 - 10:20 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Device manager stuff:
 
Photosmart_D110_series&HPSLP
Photosmart_D110_series&HPSLP
Photosmart_D110_series&HPSLP
 
It is listed 3 times under "other devices" with the yellow flag.
 
FRST logs will be in next post.
 
 
 

  • 0

#8
Lyanheart
Posted 24 February 2017 - 10:20 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Ryan2011 (administrator) on RYAN2011-PC (24-02-2017 11:13:55)
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
( ) C:\Windows\System32\dlbkcoms.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\GoToAssist: 
Winlogon\Notify\igfxcui: 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Google Update] => C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Dropbox Update] => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Ryan2011\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-22] (Yahoo!, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-14] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Flip this) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
S4 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-24] (Malwarebytes)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 09:29 - 2017-02-24 09:29 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E1F539AD-A6D5-407D-8371-BE7D2351FADD}
2017-02-24 07:59 - 2017-02-24 07:59 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan2011\Downloads\procexp.exe
2017-02-23 11:57 - 2017-02-23 11:57 - 00950201 _____ C:\Users\Ryan2011\Downloads\Sons_of_anarchy_box (1).pdf
2017-02-23 10:27 - 2017-02-23 10:27 - 01340951 _____ C:\Users\Ryan2011\Downloads\SoA-Tuckbox.pdf
2017-02-23 10:27 - 2017-02-23 10:27 - 00950201 _____ C:\Users\Ryan2011\Downloads\Sons_of_anarchy_box.pdf
2017-02-23 10:23 - 2017-02-23 10:23 - 00404435 _____ C:\Users\Ryan2011\Downloads\santorini-insert-plan.pdf
2017-02-23 08:57 - 2017-02-23 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD4DE5E0-E769-4905-8F97-1F0317231C2D}
2017-02-22 08:26 - 2017-02-22 08:26 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9FBDE7BD-CC86-434E-964C-B9611DF23F0A}
2017-02-21 10:03 - 2017-02-21 10:03 - 00623947 _____ C:\Users\Ryan2011\Downloads\SonsofAnarchy_v1.3.pdf
2017-02-21 09:47 - 2017-02-21 09:47 - 00074377 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_Pip_Tracker.pdf
2017-02-21 09:39 - 2017-02-21 09:39 - 00937772 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_summary_card_8.8.15.pdf
2017-02-21 08:36 - 2017-02-21 08:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{CE6FA1FF-0354-4FE7-8807-DCB391AFDBF0}
2017-02-21 08:19 - 2017-02-21 08:19 - 00373394 _____ C:\Users\Ryan2011\Downloads\Fresco_Mini_Player's_Aid_with_1st_Expansions_color_v12.pdf
2017-02-21 08:18 - 2017-02-21 08:18 - 00195076 _____ C:\Users\Ryan2011\Downloads\Fresco_tuck_boxes.zip
2017-02-21 08:15 - 2017-02-21 08:15 - 01711452 _____ C:\Users\Ryan2011\Downloads\score_lords_of_vegas.pdf
2017-02-21 07:59 - 2017-02-21 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5867C5B3-5E9C-42DC-AF8C-46D80DFD2E7D}
2017-02-20 15:02 - 2017-02-20 15:02 - 02870058 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#3.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02823584 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#2.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02656630 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#1.pdf
2017-02-20 15:00 - 2017-02-20 15:00 - 01295580 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_-_Solo_Sheet_v1.2.pdf
2017-02-20 14:58 - 2017-02-20 14:58 - 00081427 _____ C:\Users\Ryan2011\Downloads\Snow_Tails.pdf
2017-02-20 14:51 - 2017-02-20 14:51 - 00035485 _____ C:\Users\Ryan2011\Downloads\Leonardo_Summary_v2.pdf
2017-02-17 08:37 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-17 08:37 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-17 08:37 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-17 08:37 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-17 08:37 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-17 08:32 - 2017-02-17 08:32 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{EDFDB154-3F6A-4EAD-BBCC-527528767432}
2017-02-16 09:43 - 2017-02-16 09:43 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{53AF8641-6332-466B-8EEB-77DC6AEA9D49}
2017-02-15 08:08 - 2017-02-15 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{305811D2-5A51-4310-93D1-FD09B23BA4AA}
2017-02-14 07:45 - 2017-02-14 07:45 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B328615-BBE9-478F-AE2C-80EDC13C9341}
2017-02-13 08:22 - 2017-02-13 08:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E1502A23-3465-4AE6-9E19-555C5DDF802E}
2017-02-10 10:01 - 2017-02-10 10:01 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{DC10B33D-BAA8-435E-B0D8-628F60D55D54}
2017-02-09 09:52 - 2017-02-09 09:52 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F0224249-23C5-4985-812B-B8F9E94ADB31}
2017-02-08 07:49 - 2017-02-08 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{24399964-FD16-4056-BF8D-15FB47B64FB7}
2017-02-07 17:08 - 2017-02-07 17:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 08:08 - 2017-02-07 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B1D081C-C864-47BB-969C-CAA5FB409757}
2017-02-06 10:01 - 2017-02-06 10:01 - 00003624 _____ C:\Users\Ryan2011\Desktop\jeep CL listing.txt
2017-02-06 08:42 - 2017-02-06 08:42 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD3E7F85-83BD-42D0-99C0-48C2DFEE2155}
2017-02-03 08:08 - 2017-02-03 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{0B889842-372D-4C6F-8034-DB14383728A8}
2017-02-02 08:16 - 2017-02-02 08:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D6E8E988-742A-4E16-9882-8D4244662937}
2017-02-01 08:07 - 2017-02-01 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8B1DD283-AD58-4944-A73B-8C406D8BD47F}
2017-01-31 08:13 - 2017-01-31 08:13 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9E1D4590-DA38-43E0-8441-695635DA5D4D}
2017-01-30 11:25 - 2017-01-30 11:25 - 00242005 _____ C:\Users\Ryan2011\Downloads\Zooloretto_Aid_And_Guide_by_Liumas_non-SDJ_2014-04.pdf
2017-01-30 11:17 - 2017-01-30 11:17 - 13503275 _____ C:\Users\Ryan2011\Downloads\INIS_Victory_Conditions_Player_Aid.zip
2017-01-30 11:17 - 2017-01-30 11:17 - 00199526 _____ C:\Users\Ryan2011\Downloads\Inis_Rules_Clarifications.pdf
2017-01-30 11:16 - 2017-01-30 11:16 - 00045019 _____ C:\Users\Ryan2011\Downloads\Inis_-_Advantage_cards.pdf
2017-01-30 11:14 - 2017-01-30 11:14 - 00265786 _____ C:\Users\Ryan2011\Downloads\Clash_and_Victory_(Inis).pdf
2017-01-30 08:34 - 2017-01-30 08:34 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{88965A44-55E9-4559-9339-62D232A666EE}
2017-01-27 14:08 - 2017-02-24 10:59 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-27 14:08 - 2017-02-24 10:59 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 14:08 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-27 08:30 - 2017-01-27 08:30 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8DEF7470-D0DE-4EB2-BEBF-11BA8B33C4F6}
2017-01-26 08:24 - 2017-01-26 08:24 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9B6981D9-0BC1-449B-BCD0-9A699E73CBBC}
2017-01-25 08:53 - 2017-01-25 08:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{81B0A074-0AE6-48C3-8700-0AFB15735637}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 11:13 - 2013-10-25 10:19 - 00000000 ____D C:\FRST
2017-02-24 11:07 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 11:07 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-24 11:05 - 2009-07-14 00:13 - 00786472 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-24 11:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-24 11:00 - 2012-02-23 12:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2017-02-24 10:59 - 2015-01-12 08:53 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 10:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 10:56 - 2015-01-12 08:10 - 00000000 ____D C:\Users\Ryan2011\Desktop\Malware
2017-02-24 09:33 - 2010-09-10 02:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-24 09:31 - 2010-09-10 02:49 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-24 09:20 - 2012-07-10 07:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-24 09:19 - 2012-07-10 07:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-02-23 23:47 - 2011-01-31 16:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2017-02-23 12:02 - 2015-02-12 15:18 - 00007891 _____ C:\Windows\BRRBCOM.INI
2017-02-23 11:57 - 2015-04-16 08:19 - 00000000 ____D C:\Users\Ryan2011\Board Game Materials
2017-02-17 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-17 08:44 - 2013-08-14 11:02 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 08:38 - 2011-02-01 14:42 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 10:48 - 2011-05-18 06:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 10:48 - 2011-04-05 15:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 10:48 - 2010-09-10 02:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-07 17:09 - 2012-02-23 12:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2017-02-06 14:05 - 2011-05-03 14:11 - 00002398 _____ C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 14:05 - 2011-05-03 14:11 - 00002390 _____ C:\Users\Ryan2011\Desktop\Google Chrome.lnk
2017-01-27 16:59 - 2016-08-26 15:27 - 02486618 ____H C:\Users\Ryan2011\AppData\Local\IconCache.db.backup
2017-01-27 14:08 - 2012-07-10 07:35 - 00000000 ____D C:\ProgramData\Malwarebytes
 
==================== Files in the root of some directories =======
 
2011-02-10 08:36 - 2015-02-12 14:54 - 0043247 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 00:06
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Ryan2011 (24-02-2017 11:14:55)
Running from C:\Users\Ryan2011\Desktop\Malware
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-31 17:32:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1237553287-1429794397-2156527687-500 - Administrator - Disabled)
Guest (S-1-5-21-1237553287-1429794397-2156527687-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1237553287-1429794397-2156527687-1008 - Limited - Enabled)
Ryan2011 (S-1-5-21-1237553287-1429794397-2156527687-1000 - Administrator - Enabled) => C:\Users\Ryan2011
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version:  - A-PDF Solution)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Carcassonne (HKLM-x32\...\{8033CA80-B44F-40F9-8D0A-957211442C19}) (Version: 1.0 - Deep Silver)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CutList Plus Express (HKLM-x32\...\{29C0946B-850E-4E9A-8DE3-AFB7109CC86C}) (Version: 1.1.3 - Bridgewood Design)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
Dominion (HKLM-x32\...\Dominion) (Version: 2.00.47.11 - MakingFun)
Dropbox (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
FastImageResizer (remove only) (HKLM-x32\...\FastImageResizer) (Version:  - )
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
Gametel Configuration Tool 64-bit (HKLM\...\{7B83120F-92B3-45D7-A3A6-B034EF7AC5A9}) (Version: 1.2.1.0 - Fructel AB)
Google Chrome (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Casino (HKLM-x32\...\{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}) (Version: 1.0.0 - Encore)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Informatik (HKLM-x32\...\Informatik_is1) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mansions of Madness (HKLM\...\Steam App 478980) (Version:  - Fantasy Flight Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\{4a461520-05cf-4df1-8957-844b4a811ff4}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Palace of Chance (HKLM-x32\...\{f51a5449-9174-4e90-a0b2-bd67e0a9a87e}) (Version: 12.0.0 - RealTimeGaming Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SCARM 0.9.24 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.24 - Milen Peev)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Small World 2 (HKLM-x32\...\Steam App 235620) (Version:  - Days of Wonder)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strange Eons 3745 (HKLM\...\0581-5195-2362-0248) (Version: 3745 - Christopher G. Jennings)
Talisman: Prologue (HKLM-x32\...\Steam App 258200) (Version:  - )
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version:  - Days of Wonder)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
Unity Web Player (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Virtual Pool 3 DL (HKLM-x32\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 3 Preview (HKLM-x32\...\{70E9BAF7-FCAF-465D-AF60-7C25F68D015C}) (Version: 3.2.3.9 - Celeris)
Virtual Pool 4 Demo (HKLM-x32\...\{76EA761E-E91A-4715-8511-12B7707E53BF}) (Version: 4.1.1.7 - Celeris)
Visual Pinball VPInstaller 1.0.3 (HKLM-x32\...\Visual Pinball) (Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Volume Activation Management Tool 2.0 (HKLM-x32\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Fructel AB (usbser) Ports  (11/04/2011 1.0.0.0) (HKLM\...\CD721827CE36C3AEAB693B6DFF32C57AC19F2425) (Version: 11/04/2011 1.0.0.0 - Fructel AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo Messenger (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\yahoomessenger) (Version: 0.8.269 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{799ff11c-a966-4c28-b7c4-b7d0ed801240}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{dd0949d3-a983-45b9-ad90-679bc855b724}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11B44973-C307-410E-B060-BC52D00099B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {64506389-48FD-4A6D-B4D1-13ED5817E66E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {757CC069-530F-4A09-95CD-861F832C0212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7F2810AD-1DC0-460F-BE58-B542A4D14CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {CD96F50D-D4B2-4040-B732-45D70ECF4195} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {E956ACFD-B423-47F8-8B1D-BFE24FF7D8EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {ECC21FC9-D70C-4F41-91D8-C96DFC8A8B50} - System32\Tasks\{730F5265-3543-43CD-B456-02F5030351B3} => C:\Program Files (x86)\Visual Pinball\VPinball_9_0_2.exe [2009-02-09] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-02-02 10:40 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-02-01 14:35 - 2007-02-28 08:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2012-07-02 16:12 - 2012-07-02 16:12 - 00021432 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2017-02-24 10:59 - 2017-02-24 10:59 - 00115137 _____ () C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-02-07 17:08 - 2017-02-06 23:48 - 00801600 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2015-12-14 08:26 - 2017-01-13 18:53 - 00035792 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00100296 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00018888 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00019776 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00694224 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00020824 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 08:26 - 2017-01-13 18:54 - 00123856 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01682768 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00020816 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00145864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-02-07 17:08 - 2017-01-13 18:54 - 00019408 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00116688 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 08:26 - 2017-01-13 18:56 - 00105928 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00022864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00052544 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00038712 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00392144 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-02-07 17:08 - 2017-01-13 18:56 - 00020936 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00024528 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00116176 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00381760 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00124880 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00026456 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00024016 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00175560 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00030160 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00043472 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00048592 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00057808 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00024016 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00246608 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00027488 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 14:18 - 2017-01-13 18:55 - 00241104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00022336 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00028616 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01826104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 08:26 - 2017-01-13 18:54 - 00083912 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\sip.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01972536 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 03928896 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00531264 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00025432 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00133432 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00224064 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00207680 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00021840 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00022872 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00021848 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00022872 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00350152 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 16:01 - 2017-02-06 23:50 - 00023896 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00025936 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-02-07 17:08 - 2017-01-13 18:51 - 00036296 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\librsync.dll
2017-02-07 17:08 - 2017-02-06 23:50 - 00084288 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-07 17:08 - 2017-01-13 19:02 - 00017864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-02-07 17:08 - 2017-01-13 19:02 - 01631184 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-02-07 17:08 - 2017-02-06 23:50 - 00042816 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00171336 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00357688 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00060880 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00026456 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00546104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-02-12 16:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-08-08 14:10 - 2016-08-08 14:10 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2010-09-10 02:49 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-02-06 14:05 - 2017-02-01 04:01 - 01870168 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 14:05 - 2017-02-01 04:01 - 00085848 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7907 more sites.
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\foragentsonly.com -> foragentsonly.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123simsen.com -> www.123simsen.com
 
There are 7907 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-02-24 07:58 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan2011\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F859B18D-11B4-47A0-98AF-6CBF61886FDB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{EB4D2780-8883-4487-A163-5C2131EAA1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{706C019A-2431-4162-9BE9-3D95F25C8A0B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B309CC84-66C2-4C1F-8B0A-E7AB183731EC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{78BBEBB9-98AA-4E78-8D46-EC7EAF903828}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3437AB37-5A67-409F-98F0-B61BEF40A4C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C838C23-32AC-4619-86BB-1DB626541975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{25D253B2-BC06-4D73-A7F3-48712F166FF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{E8FA111B-E1AF-425A-B972-E46846F3F7E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6C7B2DD2-4B1C-4DC4-B3AB-39EAFF52A5A7}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [UDP Query User{07157617-7AA8-4622-B84F-2D8947BACD07}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [{5863A6E2-0C37-4502-BADB-F939EB468D5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ABC21109-BD1E-4626-A1F6-28A4BB8A8777}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{511A2E9D-8654-47EB-8EEF-C36E8B3F935B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{205DE729-8951-44CA-A00B-1F6F3BF3D44D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{DE05B080-623A-4848-8845-8660795299CF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{95EE5139-0793-4277-B0A1-87D7CD0CBDC9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{A75C42EA-3872-4AE8-AB11-4EBAFC36B12A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{0FB0D458-2F27-4D39-9678-02304DD1733A}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8D858DBB-F379-4190-9CC0-09C6F936B260}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{97DDF85E-6573-4675-AC52-CDCA0A1CD552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [{E72A7AFA-C105-4A25-BE5E-053EDA3E0A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [TCP Query User{3FA02E10-686E-4CFA-8898-496B88373867}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [UDP Query User{2E96CC84-3BBF-4F2E-AA8A-39871170E0BF}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [TCP Query User{ED39554A-1E4B-4FCC-AF98-972C6A2A1346}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [UDP Query User{C12A1365-EF38-446B-8DF1-717F1CAED693}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [{E6D07D41-F769-4575-ABA6-7AB9A923C059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{8682DD35-F884-4BB5-93BC-792A4913AC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{AFA8A48F-97B8-470B-85C7-6F550C2E6437}] => (Allow) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
03-02-2017 00:00:03 Scheduled Checkpoint
13-02-2017 14:11:29 Scheduled Checkpoint
17-02-2017 08:37:11 Windows Update
24-02-2017 09:20:56 Removed Java 7 Update 13
24-02-2017 09:21:56 Removed Java 7 Update 45 (64-bit)
24-02-2017 09:28:15 Removed Java™ 6 Update 20 (64-bit)
24-02-2017 09:30:45 Removed Java™ 6 Update 31
24-02-2017 09:31:23 Removed JavaFX 2.1.1
24-02-2017 09:32:02 Removed Magic Online
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 4060.98 MB
Available physical RAM: 2170.55 MB
Total Virtual: 8120.15 MB
Available Virtual: 6128.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:309.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#9
Lyanheart
Posted 24 February 2017 - 10:22 AM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Ryan2011 (24-02-2017 10:46:56) Run:3
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll => No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ryan2011\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
2017-02-20 07:53 - 2017-02-20 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{453F7E38-4DE3-45B8-AFA5-4BD164DD16B0}
2015-02-16 16:25 - 2015-02-16 16:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1094705206136404530.dll
2015-02-02 16:45 - 2015-02-02 16:45 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1234892122535289437.dll
2015-01-15 12:32 - 2015-01-15 12:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1305930936166307513.dll
2015-03-17 11:46 - 2015-03-17 11:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1477935695088929860.dll
2015-03-05 14:20 - 2015-03-05 14:20 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1662811416759938413.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1750950249220935129.dll
2015-03-16 12:28 - 2015-03-16 12:28 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1922564220394928621.dll
2015-07-03 13:22 - 2015-07-03 13:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2177761085650802410.dll
2015-03-13 12:50 - 2015-03-13 12:50 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2191506039833144355.dll
2014-12-23 13:24 - 2014-12-23 13:24 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2288585704696943160.dll
2014-12-17 09:39 - 2014-12-17 09:39 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2525721115103601977.dll
2015-03-10 13:15 - 2015-03-10 13:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2722276632628636446.dll
2015-03-05 16:06 - 2015-03-05 16:06 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2878454833473033925.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2891692769499953680.dll
2015-03-20 15:17 - 2015-03-20 15:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3316157399891243444.dll
2014-12-30 12:21 - 2014-12-30 12:21 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3322206949888591616.dll
2015-01-26 16:51 - 2015-01-26 16:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll33660760806898945.dll
2015-03-17 10:14 - 2015-03-17 10:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3381574147740508664.dll
2014-12-16 10:54 - 2014-12-16 10:54 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3437955289395833703.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3474294549148471779.dll
2014-12-19 16:30 - 2014-12-19 16:30 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3603963737905416278.dll
2015-06-04 14:01 - 2015-06-04 14:01 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3662528029300492452.dll
2015-01-27 16:26 - 2015-01-27 16:26 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3825244421482017450.dll
2015-03-16 10:22 - 2015-03-16 10:22 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3895602163583237437.dll
2014-12-16 16:05 - 2014-12-16 16:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3904093334795893935.dll
2015-02-10 16:11 - 2015-02-10 16:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4095048430233985691.dll
2015-03-09 15:38 - 2015-03-09 15:38 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4140298760208167055.dll
2014-12-22 11:27 - 2014-12-22 11:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4153732610835489193.dll
2015-03-12 11:39 - 2015-03-12 11:39 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4298542825796865010.dll
2015-03-06 15:53 - 2015-03-06 15:53 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4315774801480525828.dll
2014-12-16 12:48 - 2014-12-16 12:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4410255208328184187.dll
2015-02-26 16:40 - 2015-02-26 16:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4552636519366260074.dll
2015-02-05 13:13 - 2015-02-05 13:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4625050691956842239.dll
2014-12-19 15:11 - 2014-12-19 15:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4694294819641030944.dll
2015-03-03 14:27 - 2015-03-03 14:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4702655533228940733.dll
2015-03-10 11:14 - 2015-03-10 11:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4716270113618199523.dll
2014-12-18 13:40 - 2014-12-18 13:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4826736499762481587.dll
2015-03-05 16:32 - 2015-03-05 16:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4832285719129521726.dll
2015-03-09 14:04 - 2015-03-09 14:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4847538863708923063.dll
2015-05-05 13:17 - 2015-05-05 13:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll489048686388158026.dll
2015-11-16 16:16 - 2015-11-16 16:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4896887928361525872.dll
2014-12-19 11:25 - 2014-12-19 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4921865234840115348.dll
2014-12-18 16:47 - 2014-12-18 16:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4969838681879398182.dll
2015-03-17 12:17 - 2015-03-17 12:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5103841986201854443.dll
2015-01-28 11:32 - 2015-01-28 11:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5116706965581881759.dll
2015-01-08 16:35 - 2015-01-08 16:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5118748150403154592.dll
2014-12-16 14:48 - 2014-12-16 14:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5279013483118320440.dll
2015-01-15 16:43 - 2015-01-15 16:43 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5312093216061575533.dll
2015-03-12 15:15 - 2015-03-12 15:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll535969055310820214.dll
2014-12-19 09:33 - 2014-12-19 09:33 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5423977359307857484.dll
2015-07-13 11:25 - 2015-07-13 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5648395227850570409.dll
2015-03-03 14:11 - 2015-03-03 14:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5736166942877262532.dll
2015-03-17 15:42 - 2015-03-17 15:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5822297053216011186.dll
2015-03-11 09:42 - 2015-03-11 09:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5862354211358584877.dll
2015-03-19 13:06 - 2015-03-19 13:06 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5875523803620366034.dll
2015-02-12 12:01 - 2015-02-12 12:01 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6359087246091873742.dll
2015-03-10 14:57 - 2015-03-10 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6482911067260101565.dll
2015-03-17 15:23 - 2015-03-17 15:23 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6491647763509399306.dll
2015-03-05 11:33 - 2015-03-05 11:33 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6607264816659145917.dll
2015-01-15 15:51 - 2015-01-15 15:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6639412944991037709.dll
2015-06-05 14:30 - 2015-06-05 14:30 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6644692320495610847.dll
2014-12-18 11:22 - 2014-12-18 11:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6919705290121585956.dll
2015-03-11 10:46 - 2015-03-11 10:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6923187167759227639.dll
2015-07-13 11:58 - 2015-07-13 11:58 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7242828299907620013.dll
2015-03-12 14:13 - 2015-03-12 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7258431514270775508.dll
2015-03-24 15:32 - 2015-03-24 15:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7328402643447464546.dll
2014-12-23 10:15 - 2014-12-23 10:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7442992762470252358.dll
2014-12-18 12:04 - 2014-12-18 12:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7466110976157898164.dll
2015-03-10 15:38 - 2015-03-10 15:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7578726702328802301.dll
2015-01-12 16:34 - 2015-01-12 16:34 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7602493315841084887.dll
2014-12-24 10:05 - 2014-12-24 10:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7635361783839240865.dll
2014-12-22 13:16 - 2014-12-22 13:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7962454163710303613.dll
2015-02-05 12:16 - 2015-02-05 12:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8100565711562063502.dll
2015-06-02 12:27 - 2015-06-02 12:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140050600732972187.dll
2015-06-01 15:34 - 2015-06-01 15:34 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140708550198523255.dll
2015-02-24 13:47 - 2015-02-24 13:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8199923551825153713.dll
2015-03-16 15:14 - 2015-03-16 15:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8547915353913272794.dll
2014-12-22 16:17 - 2014-12-22 16:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8654906080847629982.dll
2015-01-15 15:35 - 2015-01-15 15:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8672067265896875017.dll
2015-03-05 13:38 - 2015-03-05 13:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8711881420578433974.dll
2015-02-10 13:36 - 2015-02-10 13:36 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8719657698066397730.dll
2014-12-30 14:13 - 2014-12-30 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll9070848664574764827.dll
2015-03-10 11:11 - 2015-03-10 11:11 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll914193665277928511.dll
2014-12-19 13:49 - 2014-12-19 13:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll970378561671246769.dll
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\ChromeHTML: -> C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {B79D8C7E-C15B-4956-AE46-57EC93BB4A2B} - System32\Tasks\{8772C729-F57A-4E77-92C9-867937DB8FBC} => pcalua.exe -a "C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4DH6KQR\converter[1].exe" -d C:\Users\Ryan2011\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
EmptyTemp:
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
*****************
 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716} => key removed successfully
HKCR\CLSID\{B0774E76-A7A8-4B69-B75F-965BB88F7716} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => key removed successfully
HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2 => key not found. 
"C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2 => key not found. 
"C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2 => key removed successfully
C:\Windows\SysWOW64\npDeployJava1.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1 => key not found. 
C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin => key removed successfully
C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll => not found.
C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.
C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => key removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
gupdatem => service removed successfully
HKLM\System\CurrentControlSet\Services\WinDefend => key removed successfully
WinDefend => service removed successfully
C:\Users\Ryan2011\AppData\Local\{453F7E38-4DE3-45B8-AFA5-4BD164DD16B0} => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1094705206136404530.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1234892122535289437.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1305930936166307513.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1477935695088929860.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1662811416759938413.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1750950249220935129.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1922564220394928621.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2177761085650802410.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2191506039833144355.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2288585704696943160.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2525721115103601977.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2722276632628636446.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2878454833473033925.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2891692769499953680.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3316157399891243444.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3322206949888591616.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll33660760806898945.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3381574147740508664.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3437955289395833703.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3474294549148471779.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3603963737905416278.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3662528029300492452.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3825244421482017450.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3895602163583237437.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3904093334795893935.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4095048430233985691.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4140298760208167055.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4153732610835489193.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4298542825796865010.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4315774801480525828.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4410255208328184187.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4552636519366260074.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4625050691956842239.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4694294819641030944.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4702655533228940733.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4716270113618199523.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4826736499762481587.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4832285719129521726.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4847538863708923063.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll489048686388158026.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4896887928361525872.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4921865234840115348.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4969838681879398182.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5103841986201854443.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5116706965581881759.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5118748150403154592.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5279013483118320440.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5312093216061575533.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll535969055310820214.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5423977359307857484.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5648395227850570409.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5736166942877262532.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5822297053216011186.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5862354211358584877.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5875523803620366034.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6359087246091873742.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6482911067260101565.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6491647763509399306.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6607264816659145917.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6639412944991037709.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6644692320495610847.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6919705290121585956.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6923187167759227639.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7242828299907620013.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7258431514270775508.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7328402643447464546.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7442992762470252358.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7466110976157898164.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7578726702328802301.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7602493315841084887.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7635361783839240865.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7962454163710303613.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8100565711562063502.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140050600732972187.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140708550198523255.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8199923551825153713.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8547915353913272794.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8654906080847629982.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8672067265896875017.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8711881420578433974.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8719657698066397730.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll9070848664574764827.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll914193665277928511.dll => moved successfully
C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll970378561671246769.dll => moved successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\ChromeHTML => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B79D8C7E-C15B-4956-AE46-57EC93BB4A2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B79D8C7E-C15B-4956-AE46-57EC93BB4A2B} => key removed successfully
C:\Windows\System32\Tasks\{8772C729-F57A-4E77-92C9-867937DB8FBC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8772C729-F57A-4E77-92C9-867937DB8FBC} => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job => moved successfully
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 168391298 B
Java, Flash, Steam htmlcache => 371448078 B
Windows/system/drivers => 782571949 B
Edge => 0 B
Chrome => 878149342 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100900 B
systemprofile32 => 123729698 B
LocalService => 173204 B
NetworkService => 2141800 B
Ryan2011 => 1758635640 B
 
RecycleBin => 0 B
EmptyTemp: => 3.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:56:29 ====

  • 0

#10
RKinner
Posted 24 February 2017 - 11:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Since you can see the HP printer in device manager, just right click on each instance  and Uninstall.

 

How is it running now?  FRST says it sees MBAM running and I don't see any errors.  Is MBAM still complaining?


  • 0

Advertisements

#11
Lyanheart
Posted 24 February 2017 - 12:49 PM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

Ok, uninstalled the D110 print device listings.

 

I turned on MB's real-time web protection and it actually turned on now, says everything is fine, and it has not turned itself off. 

I will see if it stays that way and let you know for sure when I am back in the office on Monday.


 

Thanks for everything so far.


  • 0

#12
Lyanheart
Posted 24 February 2017 - 01:52 PM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

New development....

 

My Windows Live Mail does not work now. I am only mentioning this because it worked fine before we went through all of this today.

Was anything done that would have effected me opening mail? I cannot even create a new message. All I get is a popup box that says

 

"A problem occurred when trying to open this message. A problem occurred. Please try again."

 

This happens any time I try to reply to a message or create a new one. 


  • 0

#13
RKinner
Posted 24 February 2017 - 02:31 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

It's odd.  The only thing we touched on Windows Live was:

 

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File

which should have said:

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

 

This was the second appearance of the BHO.  The first one is still there:

 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

 

The BHO-x32: was missing its file in the first FRST so normally it doesn't hurt to remove such entries but we can see if its file was hidden by Spybot messing with the permissions.

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
If the file is still there I will restore the registry entry in my next post.
 
 

 


  • 0

#14
Lyanheart
Posted 24 February 2017 - 02:52 PM

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Ryan2011 (24-02-2017 15:52:10) Run:4
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: dir /a EmptyTemp: "\Program Files\Common Files\Microsoft Shared\Windows Live"
SetDefaultFilePermissions: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
CMD: dir /a "\Program Files\Common Files\Microsoft Shared\Windows Live"
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects" /s
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /s
 
 
*****************
 
 
========= dir /a EmptyTemp: "\Program Files\Common Files\Microsoft Shared\Windows Live" =========
 
"EmptyTemp:" is not a recognized device.
"EmptyTemp:" is not a recognized device.
 Volume in drive C is OS
 Volume Serial Number is EA35-C9E7
 
 Directory of C:\Users\Ryan2011\Desktop\Malware
 
File Not Found
 
 Directory of C:\Program Files\Common Files\Microsoft Shared\Windows Live
 
08/08/2011  09:36 AM    <DIR>          .
08/08/2011  09:36 AM    <DIR>          ..
03/28/2011  08:12 PM            55,704 msidcrl40.dll
03/28/2011  05:36 PM           241,984 SQMAPI.DLL
03/28/2011  08:14 PM           529,280 WindowsLiveLogin.dll
03/28/2011  08:12 PM         1,134,488 wlidcli.dll
03/28/2011  08:11 PM           420,224 WLIDCREDPROV.DLL
03/28/2011  08:11 PM           171,392 WLIDNSP.DLL
03/28/2011  08:11 PM           290,176 WLIDPROV.DLL
03/28/2011  08:18 PM         1,568,168 WLIDRES.DLL
03/28/2011  08:11 PM         2,292,096 WLIDSVC.EXE
03/28/2011  08:11 PM           223,104 WLIDSVCM.EXE
03/28/2011  05:28 PM             4,657 WLive48x48.png
              11 File(s)      6,931,273 bytes
               2 Dir(s)  331,955,953,664 bytes free
 
========= End of CMD: =========
 
"C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" => not found.
 
========= dir /a "\Program Files\Common Files\Microsoft Shared\Windows Live" =========
 
 Volume in drive C is OS
 Volume Serial Number is EA35-C9E7
 
 Directory of C:\Program Files\Common Files\Microsoft Shared\Windows Live
 
08/08/2011  09:36 AM    <DIR>          .
08/08/2011  09:36 AM    <DIR>          ..
03/28/2011  08:12 PM            55,704 msidcrl40.dll
03/28/2011  05:36 PM           241,984 SQMAPI.DLL
03/28/2011  08:14 PM           529,280 WindowsLiveLogin.dll
03/28/2011  08:12 PM         1,134,488 wlidcli.dll
03/28/2011  08:11 PM           420,224 WLIDCREDPROV.DLL
03/28/2011  08:11 PM           171,392 WLIDNSP.DLL
03/28/2011  08:11 PM           290,176 WLIDPROV.DLL
03/28/2011  08:18 PM         1,568,168 WLIDRES.DLL
03/28/2011  08:11 PM         2,292,096 WLIDSVC.EXE
03/28/2011  08:11 PM           223,104 WLIDSVCM.EXE
03/28/2011  05:28 PM             4,657 WLive48x48.png
              11 File(s)      6,931,273 bytes
               2 Dir(s)  331,955,888,128 bytes free
 
========= End of CMD: =========
 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects" /s =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}
    (Default)    REG_SZ    
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" /s =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
    NoExplorer    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    NoExplorer    REG_DWORD    0x1
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 15:52:12 ====

  • 0

#15
RKinner
Posted 24 February 2017 - 03:20 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I messed up the fix list but let's replace the BHO anyway.

 

Download the attached bho.zip file and save it.  Right click on it and Extract All.  Extract.  Right click on BHO.reg and MERGE.  That should replace the BHO that we removed even tho FRST says the file is still not there.  

 

See if you can see the folder:

Copy the next line:

dir /a "\Program Files (x86)\Common Files\Microsoft Shared\Windows Live"

Open an elevated command prompt:

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.

 

Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.

 

You should get a list that looks something like 

 

08/08/2011  09:36 AM    <DIR>          .
08/08/2011  09:36 AM    <DIR>          ..
03/28/2011  08:12 PM            55,704 msidcrl40.dll
03/28/2011  05:36 PM           241,984 SQMAPI.DLL
03/28/2011  08:14 PM           529,280 WindowsLiveLogin.dll
03/28/2011  08:12 PM         1,134,488 wlidcli.dll
03/28/2011  08:11 PM           420,224 WLIDCREDPROV.DLL
03/28/2011  08:11 PM           171,392 WLIDNSP.DLL
03/28/2011  08:11 PM           290,176 WLIDPROV.DLL
03/28/2011  08:18 PM         1,568,168 WLIDRES.DLL
03/28/2011  08:11 PM         2,292,096 WLIDSVC.EXE
03/28/2011  08:11 PM           223,104 WLIDSVCM.EXE
03/28/2011  05:28 PM             4,657 WLive48x48.png

 

If the folder is empty then you may need to reinstall Windows Live Essentials.

 

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP