Hosts restored successfully.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Ryan2011 (administrator) on RYAN2011-PC (24-02-2017 08:01:07)
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
( ) C:\Windows\System32\dlbkcoms.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\GoToAssist:
Winlogon\Notify\igfxcui:
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Google Update] => C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Dropbox Update] => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Ryan2011\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-22] (Yahoo!, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-12] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-12] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll => No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Flip this) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ryan2011\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-18] (Malwarebytes)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 08:00 - 2017-02-24 08:00 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan2011\Desktop\procexp.exe
2017-02-24 07:59 - 2017-02-24 07:59 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ryan2011\Downloads\procexp.exe
2017-02-23 11:57 - 2017-02-23 11:57 - 00950201 _____ C:\Users\Ryan2011\Downloads\Sons_of_anarchy_box (1).pdf
2017-02-23 10:27 - 2017-02-23 10:27 - 01340951 _____ C:\Users\Ryan2011\Downloads\SoA-Tuckbox.pdf
2017-02-23 10:27 - 2017-02-23 10:27 - 00950201 _____ C:\Users\Ryan2011\Downloads\Sons_of_anarchy_box.pdf
2017-02-23 10:23 - 2017-02-23 10:23 - 00404435 _____ C:\Users\Ryan2011\Downloads\santorini-insert-plan.pdf
2017-02-23 08:57 - 2017-02-23 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD4DE5E0-E769-4905-8F97-1F0317231C2D}
2017-02-22 08:26 - 2017-02-22 08:26 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9FBDE7BD-CC86-434E-964C-B9611DF23F0A}
2017-02-21 10:03 - 2017-02-21 10:03 - 00623947 _____ C:\Users\Ryan2011\Downloads\SonsofAnarchy_v1.3.pdf
2017-02-21 09:47 - 2017-02-21 09:47 - 00074377 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_Pip_Tracker.pdf
2017-02-21 09:39 - 2017-02-21 09:39 - 00937772 _____ C:\Users\Ryan2011\Downloads\Lords_of_Vegas_summary_card_8.8.15.pdf
2017-02-21 08:36 - 2017-02-21 08:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{CE6FA1FF-0354-4FE7-8807-DCB391AFDBF0}
2017-02-21 08:19 - 2017-02-21 08:19 - 00373394 _____ C:\Users\Ryan2011\Downloads\Fresco_Mini_Player's_Aid_with_1st_Expansions_color_v12.pdf
2017-02-21 08:18 - 2017-02-21 08:18 - 00195076 _____ C:\Users\Ryan2011\Downloads\Fresco_tuck_boxes.zip
2017-02-21 08:15 - 2017-02-21 08:15 - 01711452 _____ C:\Users\Ryan2011\Downloads\score_lords_of_vegas.pdf
2017-02-21 07:59 - 2017-02-21 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5867C5B3-5E9C-42DC-AF8C-46D80DFD2E7D}
2017-02-20 15:02 - 2017-02-20 15:02 - 02870058 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#3.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02823584 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#2.pdf
2017-02-20 15:01 - 2017-02-20 15:01 - 02656630 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_Track_#1.pdf
2017-02-20 15:00 - 2017-02-20 15:00 - 01295580 _____ C:\Users\Ryan2011\Downloads\Snow_Tails_-_Solo_Sheet_v1.2.pdf
2017-02-20 14:58 - 2017-02-20 14:58 - 00081427 _____ C:\Users\Ryan2011\Downloads\Snow_Tails.pdf
2017-02-20 14:51 - 2017-02-20 14:51 - 00035485 _____ C:\Users\Ryan2011\Downloads\Leonardo_Summary_v2.pdf
2017-02-20 07:53 - 2017-02-20 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{453F7E38-4DE3-45B8-AFA5-4BD164DD16B0}
2017-02-17 08:37 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-17 08:37 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-17 08:37 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-17 08:37 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-17 08:37 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-17 08:37 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-17 08:37 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-17 08:37 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-17 08:37 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-17 08:37 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-17 08:32 - 2017-02-17 08:32 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{EDFDB154-3F6A-4EAD-BBCC-527528767432}
2017-02-16 09:43 - 2017-02-16 09:43 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{53AF8641-6332-466B-8EEB-77DC6AEA9D49}
2017-02-15 08:08 - 2017-02-15 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{305811D2-5A51-4310-93D1-FD09B23BA4AA}
2017-02-14 07:45 - 2017-02-14 07:45 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B328615-BBE9-478F-AE2C-80EDC13C9341}
2017-02-13 08:22 - 2017-02-13 08:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E1502A23-3465-4AE6-9E19-555C5DDF802E}
2017-02-10 10:01 - 2017-02-10 10:01 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{DC10B33D-BAA8-435E-B0D8-628F60D55D54}
2017-02-09 09:52 - 2017-02-09 09:52 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F0224249-23C5-4985-812B-B8F9E94ADB31}
2017-02-08 07:49 - 2017-02-08 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{24399964-FD16-4056-BF8D-15FB47B64FB7}
2017-02-07 17:08 - 2017-02-07 17:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 08:08 - 2017-02-07 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B1D081C-C864-47BB-969C-CAA5FB409757}
2017-02-06 10:01 - 2017-02-06 10:01 - 00003624 _____ C:\Users\Ryan2011\Desktop\jeep CL listing.txt
2017-02-06 08:42 - 2017-02-06 08:42 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BD3E7F85-83BD-42D0-99C0-48C2DFEE2155}
2017-02-03 08:08 - 2017-02-03 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{0B889842-372D-4C6F-8034-DB14383728A8}
2017-02-02 08:16 - 2017-02-02 08:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D6E8E988-742A-4E16-9882-8D4244662937}
2017-02-01 08:07 - 2017-02-01 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8B1DD283-AD58-4944-A73B-8C406D8BD47F}
2017-01-31 08:13 - 2017-01-31 08:13 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9E1D4590-DA38-43E0-8441-695635DA5D4D}
2017-01-30 11:25 - 2017-01-30 11:25 - 00242005 _____ C:\Users\Ryan2011\Downloads\Zooloretto_Aid_And_Guide_by_Liumas_non-SDJ_2014-04.pdf
2017-01-30 11:17 - 2017-01-30 11:17 - 13503275 _____ C:\Users\Ryan2011\Downloads\INIS_Victory_Conditions_Player_Aid.zip
2017-01-30 11:17 - 2017-01-30 11:17 - 00199526 _____ C:\Users\Ryan2011\Downloads\Inis_Rules_Clarifications.pdf
2017-01-30 11:16 - 2017-01-30 11:16 - 00045019 _____ C:\Users\Ryan2011\Downloads\Inis_-_Advantage_cards.pdf
2017-01-30 11:14 - 2017-01-30 11:14 - 00265786 _____ C:\Users\Ryan2011\Downloads\Clash_and_Victory_(Inis).pdf
2017-01-30 08:34 - 2017-01-30 08:34 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{88965A44-55E9-4559-9339-62D232A666EE}
2017-01-27 14:08 - 2017-02-18 08:44 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-27 14:08 - 2017-02-18 08:44 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 14:08 - 2017-01-27 14:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 14:08 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-27 08:30 - 2017-01-27 08:30 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8DEF7470-D0DE-4EB2-BEBF-11BA8B33C4F6}
2017-01-26 08:24 - 2017-01-26 08:24 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9B6981D9-0BC1-449B-BCD0-9A699E73CBBC}
2017-01-25 08:53 - 2017-01-25 08:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{81B0A074-0AE6-48C3-8700-0AFB15735637}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 08:01 - 2013-10-25 10:19 - 00000000 ____D C:\FRST
2017-02-24 07:58 - 2015-01-12 08:10 - 00000000 ____D C:\Users\Ryan2011\Desktop\Malware
2017-02-24 07:47 - 2012-03-30 06:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-24 07:25 - 2015-06-18 06:54 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
2017-02-24 03:06 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 03:06 - 2009-07-13 23:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-23 23:47 - 2011-01-31 16:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2017-02-23 12:02 - 2015-02-12 15:18 - 00007891 _____ C:\Windows\BRRBCOM.INI
2017-02-23 11:57 - 2015-04-16 08:19 - 00000000 ____D C:\Users\Ryan2011\Board Game Materials
2017-02-23 08:38 - 2015-06-18 06:54 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
2017-02-18 08:50 - 2009-07-14 00:13 - 00786472 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-18 08:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-02-18 08:45 - 2012-02-23 12:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2017-02-18 08:44 - 2015-01-12 08:53 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 08:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-02-17 08:44 - 2013-08-14 11:02 - 00000000 ____D C:\Windows\system32\MRT
2017-02-17 08:38 - 2011-02-01 14:42 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 10:48 - 2012-03-30 06:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 10:48 - 2011-05-18 06:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 10:48 - 2011-04-05 15:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 10:48 - 2010-09-10 02:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-07 17:09 - 2012-02-23 12:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2017-02-06 14:05 - 2011-05-03 14:11 - 00002398 _____ C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 14:05 - 2011-05-03 14:11 - 00002390 _____ C:\Users\Ryan2011\Desktop\Google Chrome.lnk
2017-01-27 16:59 - 2016-08-26 15:27 - 02486618 ____H C:\Users\Ryan2011\AppData\Local\IconCache.db.backup
2017-01-27 14:08 - 2012-07-10 07:35 - 00000000 ____D C:\ProgramData\Malwarebytes
==================== Files in the root of some directories =======
2011-02-10 08:36 - 2015-02-12 14:54 - 0043247 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
2015-02-16 16:25 - 2015-02-16 16:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1094705206136404530.dll
2015-02-02 16:45 - 2015-02-02 16:45 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1234892122535289437.dll
2015-01-15 12:32 - 2015-01-15 12:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1305930936166307513.dll
2015-03-17 11:46 - 2015-03-17 11:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1477935695088929860.dll
2015-03-05 14:20 - 2015-03-05 14:20 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1662811416759938413.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1750950249220935129.dll
2015-03-16 12:28 - 2015-03-16 12:28 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll1922564220394928621.dll
2015-07-03 13:22 - 2015-07-03 13:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2177761085650802410.dll
2015-03-13 12:50 - 2015-03-13 12:50 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2191506039833144355.dll
2014-12-23 13:24 - 2014-12-23 13:24 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2288585704696943160.dll
2014-12-17 09:39 - 2014-12-17 09:39 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2525721115103601977.dll
2015-03-10 13:15 - 2015-03-10 13:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2722276632628636446.dll
2015-03-05 16:06 - 2015-03-05 16:06 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2878454833473033925.dll
2014-12-22 15:12 - 2014-12-22 15:12 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll2891692769499953680.dll
2015-03-20 15:17 - 2015-03-20 15:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3316157399891243444.dll
2014-12-30 12:21 - 2014-12-30 12:21 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3322206949888591616.dll
2015-01-26 16:51 - 2015-01-26 16:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll33660760806898945.dll
2015-03-17 10:14 - 2015-03-17 10:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3381574147740508664.dll
2014-12-16 10:54 - 2014-12-16 10:54 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3437955289395833703.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3474294549148471779.dll
2014-12-19 16:30 - 2014-12-19 16:30 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3603963737905416278.dll
2015-06-04 14:01 - 2015-06-04 14:01 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3662528029300492452.dll
2015-01-27 16:26 - 2015-01-27 16:26 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3825244421482017450.dll
2015-03-16 10:22 - 2015-03-16 10:22 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3895602163583237437.dll
2014-12-16 16:05 - 2014-12-16 16:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll3904093334795893935.dll
2015-02-10 16:11 - 2015-02-10 16:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4095048430233985691.dll
2015-03-09 15:38 - 2015-03-09 15:38 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4140298760208167055.dll
2014-12-22 11:27 - 2014-12-22 11:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4153732610835489193.dll
2015-03-12 11:39 - 2015-03-12 11:39 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4298542825796865010.dll
2015-03-06 15:53 - 2015-03-06 15:53 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4315774801480525828.dll
2014-12-16 12:48 - 2014-12-16 12:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4410255208328184187.dll
2015-02-26 16:40 - 2015-02-26 16:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4552636519366260074.dll
2015-02-05 13:13 - 2015-02-05 13:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4625050691956842239.dll
2014-12-19 15:11 - 2014-12-19 15:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4694294819641030944.dll
2015-03-03 14:27 - 2015-03-03 14:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4702655533228940733.dll
2015-03-10 11:14 - 2015-03-10 11:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4716270113618199523.dll
2014-12-18 13:40 - 2014-12-18 13:40 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4826736499762481587.dll
2015-03-05 16:32 - 2015-03-05 16:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4832285719129521726.dll
2015-03-09 14:04 - 2015-03-09 14:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4847538863708923063.dll
2015-05-05 13:17 - 2015-05-05 13:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll489048686388158026.dll
2015-11-16 16:16 - 2015-11-16 16:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4896887928361525872.dll
2014-12-19 11:25 - 2014-12-19 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4921865234840115348.dll
2014-12-18 16:47 - 2014-12-18 16:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll4969838681879398182.dll
2015-03-17 12:17 - 2015-03-17 12:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5103841986201854443.dll
2015-01-28 11:32 - 2015-01-28 11:32 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5116706965581881759.dll
2015-01-08 16:35 - 2015-01-08 16:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5118748150403154592.dll
2014-12-16 14:48 - 2014-12-16 14:48 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5279013483118320440.dll
2015-01-15 16:43 - 2015-01-15 16:43 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5312093216061575533.dll
2015-03-12 15:15 - 2015-03-12 15:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll535969055310820214.dll
2014-12-19 09:33 - 2014-12-19 09:33 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5423977359307857484.dll
2015-07-13 11:25 - 2015-07-13 11:25 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5648395227850570409.dll
2015-03-03 14:11 - 2015-03-03 14:11 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5736166942877262532.dll
2015-03-17 15:42 - 2015-03-17 15:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5822297053216011186.dll
2015-03-11 09:42 - 2015-03-11 09:42 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5862354211358584877.dll
2015-03-19 13:06 - 2015-03-19 13:06 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll5875523803620366034.dll
2015-02-12 12:01 - 2015-02-12 12:01 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6359087246091873742.dll
2015-03-10 14:57 - 2015-03-10 14:57 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6482911067260101565.dll
2015-03-17 15:23 - 2015-03-17 15:23 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6491647763509399306.dll
2015-03-05 11:33 - 2015-03-05 11:33 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6607264816659145917.dll
2015-01-15 15:51 - 2015-01-15 15:51 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6639412944991037709.dll
2015-06-05 14:30 - 2015-06-05 14:30 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6644692320495610847.dll
2014-12-18 11:22 - 2014-12-18 11:22 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6919705290121585956.dll
2015-03-11 10:46 - 2015-03-11 10:46 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll6923187167759227639.dll
2015-07-13 11:58 - 2015-07-13 11:58 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7242828299907620013.dll
2015-03-12 14:13 - 2015-03-12 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7258431514270775508.dll
2015-03-24 15:32 - 2015-03-24 15:32 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7328402643447464546.dll
2014-12-23 10:15 - 2014-12-23 10:15 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7442992762470252358.dll
2014-12-18 12:04 - 2014-12-18 12:04 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7466110976157898164.dll
2015-03-10 15:38 - 2015-03-10 15:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7578726702328802301.dll
2015-01-12 16:34 - 2015-01-12 16:34 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7602493315841084887.dll
2014-12-24 10:05 - 2014-12-24 10:05 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7635361783839240865.dll
2014-12-22 13:16 - 2014-12-22 13:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll7962454163710303613.dll
2015-02-05 12:16 - 2015-02-05 12:16 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8100565711562063502.dll
2015-06-02 12:27 - 2015-06-02 12:27 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140050600732972187.dll
2015-06-01 15:34 - 2015-06-01 15:34 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8140708550198523255.dll
2015-02-24 13:47 - 2015-02-24 13:47 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8199923551825153713.dll
2015-03-16 15:14 - 2015-03-16 15:14 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8547915353913272794.dll
2014-12-22 16:17 - 2014-12-22 16:17 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8654906080847629982.dll
2015-01-15 15:35 - 2015-01-15 15:35 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8672067265896875017.dll
2015-03-05 13:38 - 2015-03-05 13:38 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8711881420578433974.dll
2015-02-10 13:36 - 2015-02-10 13:36 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll8719657698066397730.dll
2014-12-30 14:13 - 2014-12-30 14:13 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll9070848664574764827.dll
2015-03-10 11:11 - 2015-03-10 11:11 - 0129536 _____ () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll914193665277928511.dll
2014-12-19 13:49 - 2014-12-19 13:49 - 0129536 ____N () C:\Users\Ryan2011\AppData\Local\Temp\bridj.dll970378561671246769.dll
2014-04-10 13:18 - 2015-10-01 11:35 - 0212992 _____ (Sony DADC Austria AG) C:\Users\Ryan2011\AppData\Local\Temp\drm_dyndata_7330014.dll
2015-12-14 08:23 - 2015-12-14 08:23 - 0071168 _____ () C:\Users\Ryan2011\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2dp_r.dll
2014-11-08 03:33 - 2015-04-08 02:24 - 0606208 _____ () C:\Users\Ryan2011\AppData\Local\Temp\Quarantine.exe
2014-11-08 03:47 - 2014-10-17 06:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan2011\AppData\Local\Temp\sqlite3.dll
2006-05-24 12:10 - 2006-05-24 12:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Ryan2011\AppData\Local\Temp\_is98E4.exe
2015-02-12 16:08 - 2006-05-24 12:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Ryan2011\AppData\Local\Temp\_isA746.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-22 00:06
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Ryan2011 (24-02-2017 08:01:55)
Running from C:\Users\Ryan2011\Desktop\Malware
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-31 17:32:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1237553287-1429794397-2156527687-500 - Administrator - Disabled)
Guest (S-1-5-21-1237553287-1429794397-2156527687-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1237553287-1429794397-2156527687-1008 - Limited - Enabled)
Ryan2011 (S-1-5-21-1237553287-1429794397-2156527687-1000 - Administrator - Enabled) => C:\Users\Ryan2011
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version: - A-PDF Solution)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Carcassonne (HKLM-x32\...\{8033CA80-B44F-40F9-8D0A-957211442C19}) (Version: 1.0 - Deep Silver)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CutList Plus Express (HKLM-x32\...\{29C0946B-850E-4E9A-8DE3-AFB7109CC86C}) (Version: 1.1.3 - Bridgewood Design)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version: - )
Dominion (HKLM-x32\...\Dominion) (Version: 2.00.47.11 - MakingFun)
Dropbox (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
FastImageResizer (remove only) (HKLM-x32\...\FastImageResizer) (Version: - )
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
Gametel Configuration Tool 64-bit (HKLM\...\{7B83120F-92B3-45D7-A3A6-B034EF7AC5A9}) (Version: 1.2.1.0 - Fructel AB)
Google Chrome (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Casino (HKLM-x32\...\{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}) (Version: 1.0.0 - Encore)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Informatik (HKLM-x32\...\Informatik_is1) (Version: - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Magic Online (HKLM-x32\...\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}) (Version: 3.00.0000 - Wizards of the Coast)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mansions of Madness (HKLM\...\Steam App 478980) (Version: - Fantasy Flight Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\{4a461520-05cf-4df1-8957-844b4a811ff4}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Palace of Chance (HKLM-x32\...\{f51a5449-9174-4e90-a0b2-bd67e0a9a87e}) (Version: 12.0.0 - RealTimeGaming Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
SCARM 0.9.24 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.24 - Milen Peev)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Small World 2 (HKLM-x32\...\Steam App 235620) (Version: - Days of Wonder)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strange Eons 3745 (HKLM\...\0581-5195-2362-0248) (Version: 3745 - Christopher G. Jennings)
Talisman: Prologue (HKLM-x32\...\Steam App 258200) (Version: - )
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version: - Days of Wonder)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
Unity Web Player (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Virtual Pool 3 DL (HKLM-x32\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 3 Preview (HKLM-x32\...\{70E9BAF7-FCAF-465D-AF60-7C25F68D015C}) (Version: 3.2.3.9 - Celeris)
Virtual Pool 4 Demo (HKLM-x32\...\{76EA761E-E91A-4715-8511-12B7707E53BF}) (Version: 4.1.1.7 - Celeris)
Visual Pinball VPInstaller 1.0.3 (HKLM-x32\...\Visual Pinball) (Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Volume Activation Management Tool 2.0 (HKLM-x32\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Fructel AB (usbser) Ports (11/04/2011 1.0.0.0) (HKLM\...\CD721827CE36C3AEAB693B6DFF32C57AC19F2425) (Version: 11/04/2011 1.0.0.0 - Fructel AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo Messenger (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\yahoomessenger) (Version: 0.8.269 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\ChromeHTML: -> C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{799ff11c-a966-4c28-b7c4-b7d0ed801240}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{dd0949d3-a983-45b9-ad90-679bc855b724}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11B44973-C307-410E-B060-BC52D00099B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {64506389-48FD-4A6D-B4D1-13ED5817E66E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {757CC069-530F-4A09-95CD-861F832C0212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7F2810AD-1DC0-460F-BE58-B542A4D14CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {B79D8C7E-C15B-4956-AE46-57EC93BB4A2B} - System32\Tasks\{8772C729-F57A-4E77-92C9-867937DB8FBC} => pcalua.exe -a "C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4DH6KQR\converter[1].exe" -d C:\Users\Ryan2011\Desktop
Task: {CD96F50D-D4B2-4040-B732-45D70ECF4195} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {E956ACFD-B423-47F8-8B1D-BFE24FF7D8EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {ECC21FC9-D70C-4F41-91D8-C96DFC8A8B50} - System32\Tasks\{730F5265-3543-43CD-B456-02F5030351B3} => C:\Program Files (x86)\Visual Pinball\VPinball_9_0_2.exe [2009-02-09] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-02-02 10:40 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-02-01 14:35 - 2007-02-28 08:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-27 14:08 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-07-02 16:12 - 2012-07-02 16:12 - 00021432 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2013-11-12 11:26 - 2013-11-12 11:26 - 00115137 _____ () C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2017-02-07 17:08 - 2017-02-06 23:48 - 00801600 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2015-12-14 08:26 - 2017-01-13 18:53 - 00035792 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00100296 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00018888 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00019776 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 08:26 - 2017-01-13 18:53 - 00694224 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00020824 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 08:26 - 2017-01-13 18:54 - 00123856 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01682768 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00020816 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00145864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-02-07 17:08 - 2017-01-13 18:54 - 00019408 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00116688 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 08:26 - 2017-01-13 18:56 - 00105928 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00022864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00052544 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00038712 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-07 17:08 - 2017-01-13 18:53 - 00392144 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-02-07 17:08 - 2017-01-13 18:56 - 00020936 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00024528 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00116176 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00381760 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00124880 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00026456 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00024016 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00175560 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00030160 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00043472 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00048592 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-14 08:26 - 2017-01-13 18:56 - 00057808 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00024016 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00246608 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00027488 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 14:18 - 2017-01-13 18:55 - 00241104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00022336 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00028616 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01826104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 08:26 - 2017-01-13 18:54 - 00083912 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\sip.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 01972536 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 03928896 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00531264 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 08:26 - 2017-02-06 23:50 - 00025432 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00133432 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00224064 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00207680 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00021840 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00022872 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00021848 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 17:23 - 2017-02-06 23:50 - 00022872 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00350152 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 16:01 - 2017-02-06 23:50 - 00023896 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00025936 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-02-07 17:08 - 2017-01-13 18:51 - 00036296 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\librsync.dll
2017-02-07 17:08 - 2017-02-06 23:50 - 00084288 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-07 17:08 - 2017-01-13 19:02 - 00017864 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-02-07 17:08 - 2017-01-13 19:02 - 01631184 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-02-07 17:08 - 2017-02-06 23:50 - 00042816 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00171336 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00357688 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-14 08:26 - 2017-01-13 18:57 - 00060880 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-05 14:18 - 2017-02-06 23:50 - 00026456 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-07 17:08 - 2017-02-06 23:50 - 00546104 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-02-12 16:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-08-08 14:10 - 2016-08-08 14:10 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2010-09-10 02:49 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-02-06 14:05 - 2017-02-01 04:01 - 01870168 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 14:05 - 2017-02-01 04:01 - 00085848 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
There are 7907 more sites.
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\foragentsonly.com -> foragentsonly.com
There are 7907 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-02-24 07:58 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan2011\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{F859B18D-11B4-47A0-98AF-6CBF61886FDB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{EB4D2780-8883-4487-A163-5C2131EAA1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{706C019A-2431-4162-9BE9-3D95F25C8A0B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B309CC84-66C2-4C1F-8B0A-E7AB183731EC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{78BBEBB9-98AA-4E78-8D46-EC7EAF903828}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3437AB37-5A67-409F-98F0-B61BEF40A4C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C838C23-32AC-4619-86BB-1DB626541975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{25D253B2-BC06-4D73-A7F3-48712F166FF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{E8FA111B-E1AF-425A-B972-E46846F3F7E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6C7B2DD2-4B1C-4DC4-B3AB-39EAFF52A5A7}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [UDP Query User{07157617-7AA8-4622-B84F-2D8947BACD07}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [{5863A6E2-0C37-4502-BADB-F939EB468D5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ABC21109-BD1E-4626-A1F6-28A4BB8A8777}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{511A2E9D-8654-47EB-8EEF-C36E8B3F935B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{205DE729-8951-44CA-A00B-1F6F3BF3D44D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{DE05B080-623A-4848-8845-8660795299CF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{95EE5139-0793-4277-B0A1-87D7CD0CBDC9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{A75C42EA-3872-4AE8-AB11-4EBAFC36B12A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{0FB0D458-2F27-4D39-9678-02304DD1733A}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8D858DBB-F379-4190-9CC0-09C6F936B260}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{97DDF85E-6573-4675-AC52-CDCA0A1CD552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [{E72A7AFA-C105-4A25-BE5E-053EDA3E0A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [TCP Query User{3FA02E10-686E-4CFA-8898-496B88373867}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [UDP Query User{2E96CC84-3BBF-4F2E-AA8A-39871170E0BF}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [TCP Query User{ED39554A-1E4B-4FCC-AF98-972C6A2A1346}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [UDP Query User{C12A1365-EF38-446B-8DF1-717F1CAED693}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [{E6D07D41-F769-4575-ABA6-7AB9A923C059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{8682DD35-F884-4BB5-93BC-792A4913AC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{AFA8A48F-97B8-470B-85C7-6F550C2E6437}] => (Allow) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
18-01-2017 14:16:35 Scheduled Checkpoint
26-01-2017 00:00:04 Scheduled Checkpoint
03-02-2017 00:00:03 Scheduled Checkpoint
13-02-2017 14:11:29 Scheduled Checkpoint
17-02-2017 08:37:11 Windows Update
==================== Faulty Device Manager Devices =============
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2017 06:16:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/23/2017 11:46:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/22/2017 04:30:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/22/2017 09:08:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18538, time stamp: 0x58274b59
Faulting module name: IEFRAME.dll, version: 11.0.9600.18538, time stamp: 0x582753cc
Exception code: 0xc0000005
Fault offset: 0x000000000026b83b
Faulting process id: 0xfec
Faulting application start time: 0x01d28d13a9fa4d64
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\IEFRAME.dll
Report Id: 6834a177-f908-11e6-92fa-000acd21436e
Error: (02/21/2017 09:48:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/21/2017 02:26:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/20/2017 07:18:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/19/2017 12:19:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/18/2017 05:32:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (02/18/2017 09:30:18 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
System errors:
=============
Error: (02/23/2017 08:16:57 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/18/2017 08:47:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
The specified module could not be found.
Error: (02/18/2017 08:45:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/17/2017 10:00:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
The specified module could not be found.
Error: (02/17/2017 10:00:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/13/2017 08:23:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
The specified module could not be found.
Error: (02/13/2017 08:22:56 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.
Error: (02/13/2017 08:20:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (02/06/2017 08:26:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
The specified module could not be found.
Error: (02/06/2017 08:26:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.
CodeIntegrity:
===================================
Date: 2013-11-04 16:43:34.593
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:43:34.390
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:43:34.187
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:43:34.000
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:05:22.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:05:22.189
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:05:21.986
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-04 16:05:21.784
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-01 11:50:27.955
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-11-01 11:50:27.753
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 4060.98 MB
Available physical RAM: 1742.77 MB
Total Virtual: 8120.15 MB
Available Virtual: 5483.66 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:302.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 85.76 0 K 24 K 0
procexp64.exe 4.15 26,376 K 48,180 K 1672 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
TeaTimer.exe 2.19 54,716 K 51,868 K 2400 System settings protector Safer-Networking Ltd. (No signature was present in the subject) Safer-Networking Ltd.
dwm.exe 1.08 71,656 K 46,456 K 1800 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.78 0 K 0 K n/a Hardware Interrupts and DPCs
KiesPDLR.exe 0.66 30,200 K 24,536 K 2620 KiesPDLR (Verified) Samsung Electronics CO.
chrome.exe 0.44 64,584 K 83,608 K 2456 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.37 3,120 K 35,472 K 512 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.36 264 K 6,396 K 4
Dropbox.exe 0.26 144,060 K 114,692 K 3856 Dropbox Dropbox, Inc. (Verified) Dropbox
MBAMService.exe 0.21 393,780 K 362,848 K 1920 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
Kies.exe 0.15 25,688 K 20,264 K 2432 Kies Samsung (Verified) Samsung Electronics CO.
svchost.exe 0.12 8,052 K 12,180 K 1988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.09 51,784 K 64,852 K 1848 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
PlexScriptHost.exe 0.07 29,908 K 29,040 K 3848 Python Python Software Foundation (Verified) Plex
chrome.exe 0.06 67,232 K 128,428 K 4592 Google Chrome Google Inc. (Verified) Google Inc
PlexDlnaServer.exe 0.03 18,864 K 21,228 K 4336 Plex Media Server DLNA Service Plex, Inc. (Verified) Plex
svchost.exe 0.02 19,184 K 19,276 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 0.02 23,652 K 16,132 K 2760 IAStorDataSvc Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 20,996 K 19,908 K 892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 12,032 K 13,948 K 3224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 7,752 K 11,044 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 54,736 K 58,436 K 1012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
BrYNSvc.exe 0.01 4,024 K 7,568 K 3684 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
Plex Media Server.exe 0.01 21,264 K 16,900 K 2808 Plex Media Server Plex, Inc. (Verified) Plex
svchost.exe < 0.01 3,568 K 6,368 K 2328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 16,228 K 20,032 K 1732 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
PDFProFiltSrvPP.exe < 0.01 1,320 K 3,600 K 1628 PDFPro IFilter Service Nuance Communications, Inc. (Verified) Nuance Communications
svchost.exe < 0.01 21,572 K 23,336 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 7,072 K 10,856 K 1288 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
csrss.exe < 0.01 2,536 K 4,336 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 53,760 K 33,992 K 1164 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe < 0.01 24,520 K 15,828 K 3588 IAStorIcon Intel Corporation (Verified) Intel Corporation
svchost.exe < 0.01 149,912 K 148,912 K 940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
KiesTrayAgent.exe < 0.01 9,392 K 13,468 K 3620 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
WUDFHost.exe 2,112 K 3,752 K 2664 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 1,924 K 6,716 K 5316 Windows Update Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 12,476 K 13,384 K 3296 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,636 K 6,440 K 3160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,196 K 2,656 K 1612 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 2,696 K 5,256 K 564 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,484 K 3,856 K 496 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 5,948 K 12,008 K 4172 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 6,256 K 7,640 K 5576 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,336 K 9,176 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,936 K 8,952 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,312 K 8,664 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,152 K 3,168 K 1576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,136 K 3,172 K 1900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,932 K 5,336 K 424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,532 K 11,752 K 1420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 14,408 K 18,320 K 1188 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 448 K 1,060 K 300 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,104 K 7,884 K 600 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 8,172 K 6,964 K 2448 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,468 K 7,640 K 6100 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
pptd40nt.exe 1,484 K 4,056 K 3892 PaperPort Print to Desktop for NT Nuance Communications, Inc. (Verified) Nuance Communications
pdfPro5Hook.exe 1,544 K 4,584 K 3936 PdfCreateHook Application Nuance Communications, Inc. (Verified) Nuance Communications
mbamtray.exe 20,232 K 26,304 K 2128 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 2,572 K 4,024 K 632 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 11,064 K 17,068 K 616 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
ISUSPM.exe 3,172 K 8,112 K 1008 Acresso Software Manager Acresso Corporation (Verified) Acresso Software Inc.
igfxpers.exe 2,716 K 7,160 K 1476 persistence Module Intel Corporation (Verified) Intel Corporation
hkcmd.exe 2,888 K 8,248 K 3044 hkcmd Module Intel Corporation (Verified) Intel Corporation
dllhost.exe 2,008 K 5,884 K 6932 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,360 K 6,516 K 4584 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dlbkcoms.exe 1,492 K 3,808 K 1444 Printer Communication System (Verified) Dell Inc.
conhost.exe 1,456 K 3,860 K 4000 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 25,084 K 30,668 K 6348 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 68,700 K 63,296 K 3660 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,652 K 7,824 K 6852 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,740 K 9,084 K 3836 Google Chrome Google Inc. (Verified) Google Inc
BrStMonW.exe 202,928 K 122,300 K 4052 Status Monitor Application Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
BrCtrlCntr.exe 3,248 K 9,856 K 3408 ControlCenter Main Process Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
BrCcUxSys.exe 1,724 K 5,836 K 2868 ControlCenter UX System Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.