I first noticed this on Monday, 2 days ago. Very sluggish response from PC no matter what I am doing, and applications frequently show the (not responding) message at the top of the window. Website response times using Chrome and IE are both much slower than normal. Even making this post was a very slow process that froze up a couple of times. FRST logs attached, and running that even took a lot longer than it has in the past when I have run it for other issues. Rebooting the PC seems to help, but the probem comes back. Sometimes it appears that I am experiencing really high RAM usage...?
Thanks in advance! This forum has saved me some so many problems over the years and it is still the first place I turn.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Ryan2011 (administrator) on RYAN2011-PC (10-05-2017 10:39:23)
Running from C:\Users\Ryan2011\Desktop\Malware
Loaded Profiles: Ryan2011 (Available Profiles: Ryan2011)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
( ) C:\Windows\System32\dlbkcoms.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\GoToAssist:
Winlogon\Notify\igfxcui:
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Google Update] => C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Dropbox Update] => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Ryan2011\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-22] (Yahoo!, Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-05-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: (Default Manager) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237553287-1429794397-2156527687-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-14] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default [2017-05-10]
CHR Extension: (Flip this) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
S4 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-10] ()
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-05-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-05-10] (Malwarebytes)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-10 09:46 - 2017-05-10 09:47 - 16588395 _____ C:\Users\Ryan2011\Downloads\CastawaysQuickStartGuideToRobinsonCrusoeV17.pdf
2017-05-10 09:35 - 2017-05-10 09:37 - 17980570 _____ C:\Users\Ryan2011\Downloads\Scenario Treasure Island.zip
2017-05-10 08:15 - 2017-05-10 08:15 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1B65113B-AB9D-4A16-970D-BD5FA021C01D}
2017-05-09 16:40 - 2017-05-09 16:40 - 00657255 _____ C:\Users\Ryan2011\Downloads\TIME_Stories_Plain_and_Simple_Guide.pdf
2017-05-09 15:22 - 2017-05-09 15:22 - 03151051 _____ C:\Users\Ryan2011\Downloads\Goldland_Rules_R2.pdf
2017-05-09 14:23 - 2017-05-09 14:23 - 02194099 _____ C:\Users\Ryan2011\Downloads\RC_cards_mini_Euro_small.pdf
2017-05-09 14:20 - 2017-05-09 14:20 - 03514827 _____ C:\Users\Ryan2011\Downloads\RC_cards_mini_Euro_small_v2s.pdf
2017-05-09 14:16 - 2017-05-09 14:16 - 01552272 _____ C:\Users\Ryan2011\Downloads\RC_discovery_cards_v1_2.zip
2017-05-09 10:02 - 2017-05-09 10:04 - 12814840 _____ C:\Users\Ryan2011\Downloads\Regex'_Horizontal_Tuckbox_set_for_Sleeved_Robinson_Crusoe_Cards.pdf
2017-05-09 09:59 - 2017-05-09 09:59 - 10411873 _____ C:\Users\Ryan2011\Downloads\Regex_Box_for_Robinson_Crusoe_Hex_Tiles.pdf
2017-05-09 09:55 - 2017-05-09 09:55 - 04180861 _____ C:\Users\Ryan2011\Downloads\Robinson_crusoe_box.pdf
2017-05-09 09:53 - 2017-05-09 09:53 - 05278274 _____ C:\Users\Ryan2011\Downloads\RC_Cortes_Scenario_v2.43.pdf
2017-05-09 09:52 - 2017-05-09 09:52 - 03063130 _____ C:\Users\Ryan2011\Downloads\Logbook_ScoreSheet.pdf
2017-05-09 09:49 - 2017-05-09 09:49 - 01434327 _____ C:\Users\Ryan2011\Downloads\RobinsonCrusoe_v1.3.pdf
2017-05-09 09:48 - 2017-05-09 09:48 - 11531432 _____ C:\Users\Ryan2011\Downloads\robinson-crusoe-2-pager.pdf
2017-05-09 09:47 - 2017-05-09 09:47 - 01111237 _____ C:\Users\Ryan2011\Downloads\The_mutineers_of_the_Bounty_(Version_1.1).pdf
2017-05-09 09:41 - 2017-05-09 09:41 - 20465055 _____ C:\Users\Ryan2011\Downloads\robinson_crusoe_rulebook_EN_net.pdf
2017-05-09 09:38 - 2017-05-09 09:38 - 01617227 _____ C:\Users\Ryan2011\Downloads\rc_rulebook_letter_pf.pdf
2017-05-09 08:08 - 2017-05-09 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{24BFDA4F-F51B-48B9-976D-06A970989680}
2017-05-08 11:42 - 2017-05-08 11:42 - 00234528 _____ C:\Users\Ryan2011\Downloads\770544_Document_114248.pdf
2017-05-08 10:45 - 2017-05-08 10:45 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{687EDABF-6152-4750-A07C-F94A767AD90C}
2017-05-08 08:31 - 2017-05-08 08:31 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{175ADA9C-E541-4268-BFB4-461B1C60476B}
2017-05-05 11:03 - 2017-05-05 11:03 - 00117293 _____ C:\Users\Ryan2011\Downloads\Imperial_Assault_Tile_Chart.pdf
2017-05-05 11:00 - 2017-05-05 11:00 - 00909023 _____ C:\Users\Ryan2011\Downloads\SWImperialAssault_v1.4.pdf
2017-05-05 10:10 - 2017-05-05 10:12 - 00313023 _____ C:\Windows\system32\mbarwind-04.arw
2017-05-05 08:36 - 2017-05-05 08:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{02C05C4E-8EF4-4E51-A9B0-DBE1142E350B}
2017-05-04 07:55 - 2017-05-04 07:55 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{C05779AA-3437-4BDB-A742-95A119C840C0}
2017-05-03 08:02 - 2017-05-03 08:02 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{AA734D3F-1B68-4E44-A21D-8453F5BEC264}
2017-05-02 14:36 - 2017-05-02 14:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-02 10:47 - 2017-05-02 10:47 - 01160143 _____ C:\Users\Ryan2011\Downloads\ArkHorror_base_teachingaid_v2.pdf
2017-05-02 10:44 - 2017-05-02 10:45 - 05026144 _____ C:\Users\Ryan2011\Downloads\misc_cards.zip
2017-05-02 08:12 - 2017-05-02 08:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1D3038EF-AD75-47A0-AAC4-CA5EA52C3102}
2017-05-01 15:07 - 2017-05-01 15:07 - 01167562 _____ C:\Users\Ryan2011\Downloads\5_boxes.pdf
2017-05-01 15:04 - 2017-05-01 15:04 - 02432700 _____ C:\Users\Ryan2011\Downloads\Agricola_Tuckboxes.pdf
2017-05-01 15:02 - 2017-05-01 15:03 - 04337135 _____ C:\Users\Ryan2011\Downloads\tuckboxes_agricola_v3.0.pdf
2017-05-01 08:23 - 2017-05-01 08:23 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{09A9878A-6080-4F5E-8305-88A177CBC5C1}
2017-04-28 15:08 - 2017-04-28 15:08 - 00020665 _____ C:\Users\Ryan2011\Downloads\Residential_4-28-2017_1580.pdf
2017-04-28 09:36 - 2017-04-28 09:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9522377A-0C93-442C-827C-AE76A268C955}
2017-04-28 09:03 - 2017-04-28 09:04 - 00042354 _____ C:\Users\Ryan2011\Downloads\114-5212472-2431454.pdf
2017-04-27 10:11 - 2017-04-27 10:11 - 00825029 _____ C:\Users\Ryan2011\Downloads\Custom_Investigator.pdf
2017-04-27 09:57 - 2017-04-27 09:58 - 00773023 _____ C:\Users\Ryan2011\Downloads\MansionsofMadness2ndEd_v1.pdf
2017-04-27 08:41 - 2017-04-27 08:41 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{74BD50E1-065A-4357-BA2F-DFE327FE68CA}
2017-04-26 08:13 - 2017-04-26 08:13 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{949955DC-D506-469F-B61B-7105A25AC4DA}
2017-04-26 07:55 - 2017-04-26 07:55 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{6684DF2B-F857-4055-93C5-6AC4D4A4620F}
2017-04-25 08:25 - 2017-04-25 08:25 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BAF34DD1-26FD-4074-9065-6A01218957D3}
2017-04-24 16:48 - 2017-04-24 16:48 - 00126927 _____ C:\Users\Ryan2011\Downloads\Super-charged_solo_coop_variant_V1.pdf
2017-04-24 16:46 - 2017-04-24 16:46 - 01856006 _____ C:\Users\Ryan2011\Downloads\Return_of_the_Heroes_v12.pdf
2017-04-24 16:42 - 2017-04-24 16:42 - 00157809 _____ C:\Users\Ryan2011\Downloads\Return_Of_The_Heroes_Play_Aid_by_Liumas_v1.1.zip
2017-04-24 09:06 - 2017-04-24 09:06 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{86203DC6-6757-4066-9722-6F38729A6914}
2017-04-21 16:11 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-21 16:11 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-21 16:11 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-21 16:11 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-21 16:11 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-21 16:11 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-21 16:11 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-21 16:11 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-21 16:11 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-21 16:11 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-21 16:11 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-21 16:11 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-21 16:11 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-21 16:11 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-21 16:11 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-21 16:11 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-21 16:11 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-21 16:11 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-21 16:11 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-21 16:11 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-21 16:11 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-21 16:11 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-21 16:11 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-21 16:11 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-21 16:11 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-21 16:11 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-21 16:11 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-21 16:11 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-21 16:11 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-21 16:11 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-21 16:11 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-21 16:11 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-21 16:11 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-21 16:11 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-21 16:11 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-21 16:11 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-21 16:11 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-21 16:11 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-21 16:11 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-21 16:11 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-21 16:11 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-21 16:11 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-21 16:11 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-21 16:11 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-21 16:11 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-21 16:11 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-21 16:11 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-21 16:11 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-21 16:11 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-21 16:11 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-21 16:11 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-21 16:11 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-21 16:11 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-21 16:11 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-21 16:11 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-21 16:11 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-21 16:11 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-21 16:11 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-21 16:11 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-21 16:11 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-21 16:11 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-21 16:11 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-21 16:11 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-21 16:11 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-21 16:11 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-21 16:11 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-21 16:11 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-21 16:11 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-21 16:11 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-21 16:11 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-21 16:11 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-21 16:11 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-21 16:11 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-21 16:11 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-21 16:11 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-21 16:11 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-21 16:11 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-21 16:11 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-21 16:11 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-21 16:11 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-21 16:11 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-21 16:11 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-04-21 16:11 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-04-21 16:11 - 2017-03-10 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-21 16:11 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-21 16:11 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-21 16:11 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-21 16:11 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-21 16:11 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-21 16:11 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-04-21 16:11 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-04-21 16:11 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-21 16:11 - 2017-03-10 12:19 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-21 16:11 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-21 16:11 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-21 16:11 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-21 16:11 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-04-21 16:11 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-04-21 16:11 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-04-21 16:11 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-21 16:11 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-21 16:11 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-21 16:11 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-21 16:11 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-21 16:11 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-21 16:11 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-21 16:11 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-21 16:11 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-21 16:11 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-21 16:11 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-21 16:11 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-21 16:11 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-21 16:11 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-21 16:11 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-21 16:11 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-21 16:11 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-21 16:11 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-21 16:11 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-21 16:11 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-21 16:11 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-21 16:11 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-21 16:11 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-21 16:11 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-21 16:11 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-21 16:11 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-21 16:11 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-21 16:11 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-21 16:11 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-21 16:11 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-21 16:11 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-21 16:11 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-21 16:11 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-21 16:11 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-21 16:11 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-21 16:11 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-21 16:11 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-21 16:11 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-21 16:11 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-21 16:11 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-21 16:11 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-21 16:11 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-21 16:11 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-21 16:11 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-21 16:11 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-21 16:11 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-21 16:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-21 16:11 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-21 16:11 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-21 16:11 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-21 10:03 - 2017-04-21 10:03 - 00570675 _____ C:\Users\Ryan2011\Downloads\Enemy_In_Sight_Reference_by_Liumas_2008-08 (1).pdf
2017-04-21 10:02 - 2017-04-21 10:02 - 00570675 _____ C:\Users\Ryan2011\Downloads\Enemy_In_Sight_Reference_by_Liumas_2008-08.pdf
2017-04-21 07:59 - 2017-04-21 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E30707B4-6A62-4992-9E26-A56C2425E91C}
2017-04-20 08:21 - 2017-04-20 08:21 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{FFEAA78A-637C-4FC6-939A-DAFD02883856}
2017-04-19 10:08 - 2017-04-19 10:08 - 00090140 _____ C:\Users\Ryan2011\Downloads\CivilizationRedesignHowTo.pdf
2017-04-19 09:19 - 2017-04-19 09:19 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{6B939AED-B134-4E79-A60E-F4D8BE4D48B4}
2017-04-19 08:44 - 2017-04-19 08:44 - 00088036 _____ C:\Users\Ryan2011\Downloads\tuckbox_civilization_civ-cards.pdf
2017-04-19 08:40 - 2017-04-19 08:40 - 00069672 _____ C:\Users\Ryan2011\Downloads\tuckbox_civilization_trade-cards.pdf
2017-04-19 08:35 - 2017-04-19 08:35 - 00021118 _____ C:\Users\Ryan2011\Downloads\Civilization_-_help_sheet.pdf
2017-04-19 08:34 - 2017-04-19 08:34 - 00232595 _____ C:\Users\Ryan2011\Downloads\Civilization-conciserules-Gibson1988v1.0d(beta).pdf
2017-04-19 08:33 - 2017-04-19 08:33 - 00157621 _____ C:\Users\Ryan2011\Downloads\Civilization-conciserules-Gibson1988v1.0e(beta) (1).pdf
2017-04-18 14:26 - 2017-04-18 14:26 - 00055865 _____ C:\Users\Ryan2011\Downloads\Magic_Realm_Labels_-_Avery_5267.pdf
2017-04-18 14:24 - 2017-04-18 14:24 - 00351520 _____ C:\Users\Ryan2011\Downloads\phsheet_rev.pdf
2017-04-18 09:47 - 2017-04-18 09:47 - 01054903 _____ C:\Users\Ryan2011\Downloads\MR_Redesigned_Character_Cards_Corrections.zip
2017-04-18 09:46 - 2017-04-18 09:46 - 00949660 _____ C:\Users\Ryan2011\Downloads\Character_Record.pdf
2017-04-18 09:45 - 2017-04-18 09:45 - 00379913 _____ C:\Users\Ryan2011\Downloads\transform.pdf
2017-04-18 09:42 - 2017-04-18 09:42 - 00053134 _____ C:\Users\Ryan2011\Downloads\phsheet.pdf
2017-04-18 09:41 - 2017-04-18 09:41 - 07011586 _____ C:\Users\Ryan2011\Downloads\countersheets.zip
2017-04-18 09:41 - 2017-04-18 09:41 - 00021929 _____ C:\Users\Ryan2011\Downloads\phsheet2.pdf
2017-04-18 09:06 - 2017-04-18 09:06 - 00999286 _____ C:\Users\Ryan2011\Downloads\MRIPE.pdf
2017-04-18 08:50 - 2017-04-18 08:50 - 00352556 _____ C:\Users\Ryan2011\Downloads\MonstersHowToKillThem.pdf
2017-04-18 08:48 - 2017-04-18 08:48 - 00039671 _____ C:\Users\Ryan2011\Downloads\LeastMR8.pdf
2017-04-18 08:44 - 2017-04-18 08:44 - 08752907 _____ C:\Users\Ryan2011\Downloads\MR-31-Deluxe_beta.pdf
2017-04-18 08:40 - 2017-04-18 08:40 - 00856590 _____ C:\Users\Ryan2011\Downloads\MagicRealmCharacterStrategies1.pdf
2017-04-18 08:38 - 2017-04-18 08:38 - 01358420 _____ C:\Users\Ryan2011\Downloads\magic_realm_setup_card_sections.pdf
2017-04-18 08:37 - 2017-04-18 08:37 - 00102014 _____ C:\Users\Ryan2011\Downloads\MR_Game_Record.pdf
2017-04-18 08:36 - 2017-04-18 08:36 - 00021331 _____ C:\Users\Ryan2011\Downloads\MR-Player_Aid.pdf
2017-04-18 08:33 - 2017-04-18 08:33 - 00982516 _____ C:\Users\Ryan2011\Downloads\book_of_quests_3ed_v1.pdf
2017-04-18 08:29 - 2017-04-18 08:29 - 00159618 _____ C:\Users\Ryan2011\Downloads\Redesgined_Character_Chits_20161017.pdf
2017-04-18 07:58 - 2017-04-18 07:58 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{A9536B23-AB51-4504-8EE4-BF99D3CB8E25}
2017-04-17 09:22 - 2017-04-17 09:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{BE55A82C-4C1E-46B4-8C37-7CE74C67C77D}
2017-04-17 08:43 - 2017-04-17 08:43 - 00109536 _____ C:\Users\Ryan2011\Downloads\
[email protected]
2017-04-17 08:36 - 2017-04-17 08:36 - 00146803 _____ C:\Users\Ryan2011\Downloads\Farkle_Score_Pad.pdf
2017-04-14 15:33 - 2017-04-14 15:33 - 00309723 _____ C:\Users\Ryan2011\Downloads\MR_Tables_mini.pdf
2017-04-14 15:17 - 2017-04-14 15:17 - 01771689 _____ C:\Users\Ryan2011\Downloads\Magic_Realm_3.1_Complete_(touched-up).pdf
2017-04-14 15:05 - 2017-04-14 15:06 - 09290736 _____ C:\Users\Ryan2011\Downloads\book_of_learning_v1.pdf
2017-04-14 14:54 - 2017-04-14 14:54 - 01807922 _____ C:\Users\Ryan2011\Downloads\MR-31-Complete.pdf
2017-04-14 11:02 - 2017-04-14 11:02 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{2DA14968-0A71-4BA3-A13A-F28953BD9585}
2017-04-14 11:01 - 2017-04-14 11:01 - 00866584 _____ C:\Users\Ryan2011\Downloads\MagicRealmLight30-2ndEditionFillablev2.pdf
2017-04-14 10:58 - 2017-04-14 10:58 - 01378795 _____ C:\Users\Ryan2011\Downloads\MagicRealmLight30PortraitRules21.zip
2017-04-14 10:39 - 2017-04-14 10:39 - 00030531 _____ C:\Users\Ryan2011\Downloads\EnemyInSight_QuickRefENG.pdf
2017-04-14 09:16 - 2017-04-14 09:16 - 00344394 _____ C:\Users\Ryan2011\Downloads\GARDENSOFMARS_EN.pdf
2017-04-13 14:29 - 2017-04-13 14:29 - 00040345 _____ C:\Users\Ryan2011\Downloads\221B_solution_checklist-080818-1.pdf
2017-04-13 14:24 - 2017-04-13 14:24 - 00092985 _____ C:\Users\Ryan2011\Downloads\221b_Movement_Variant.pdf
2017-04-13 14:23 - 2017-04-13 14:23 - 00173133 _____ C:\Users\Ryan2011\Downloads\221B_Clues.pdf
2017-04-13 14:21 - 2017-04-13 14:21 - 00089448 _____ C:\Users\Ryan2011\Downloads\221B_hansom_variant-080818-v1.pdf
2017-04-13 08:23 - 2017-04-13 08:23 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{13EB0C4B-FCFC-4B0E-AA4E-F25FF1135E84}
2017-04-12 09:57 - 2017-04-12 09:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{32E42171-0814-4A8F-A423-F4D1BBEBC9D2}
2017-04-11 11:32 - 2017-04-11 11:32 - 00338169 _____ C:\Users\Ryan2011\Downloads\Santorini_Gods_Reference_1.2 (1).pdf
2017-04-11 11:28 - 2017-04-11 11:29 - 00880289 _____ C:\Users\Ryan2011\Downloads\Dragonmaster_Tuckbox (1).pdf
2017-04-11 11:28 - 2017-04-11 11:28 - 01101471 _____ C:\Users\Ryan2011\Downloads\Dragonmaster_Tuckbox.pdf
2017-04-11 08:02 - 2017-04-11 08:02 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{37FF8EF3-9C6A-4A6B-BCA5-ED557AE742AE}
2017-04-10 15:28 - 2017-04-10 16:56 - 06579383 _____ C:\Windows\system32\mbarwind-03.arw
2017-04-10 14:50 - 2017-04-10 14:50 - 03013185 _____ C:\Users\Ryan2011\Downloads\Advanced_Outdoor_Survival.pdf
2017-04-10 14:48 - 2017-04-10 14:48 - 00093742 _____ C:\Users\Ryan2011\Downloads\DBCooper.pdf
2017-04-10 14:45 - 2017-04-10 14:45 - 00129299 _____ C:\Users\Ryan2011\Downloads\Game_Scenario_-_Outdoor_Survival_-_Off-Road_Race_-_With_Tracking_Charts_-_Update_1.pdf
2017-04-10 11:02 - 2017-04-10 11:02 - 00052882 _____ C:\Users\Ryan2011\Downloads\Civ_Cheatsheet.pdf
2017-04-10 10:55 - 2017-04-10 10:55 - 01707133 _____ C:\Users\Ryan2011\Downloads\civ.zip
2017-04-10 10:54 - 2017-04-10 10:54 - 00157621 _____ C:\Users\Ryan2011\Downloads\Civilization-conciserules-Gibson1988v1.0e(beta).pdf
2017-04-10 07:50 - 2017-04-10 07:50 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{94B19722-50C9-413E-AD22-04C9BFB6FF2E}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-10 10:39 - 2015-01-12 09:10 - 00000000 ____D C:\Users\Ryan2011\Desktop\Malware
2017-05-10 10:39 - 2013-10-25 11:19 - 00000000 ____D C:\FRST
2017-05-10 10:14 - 2016-08-22 07:50 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\yahoomessenger
2017-05-10 10:10 - 2012-07-17 09:05 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\Samsung
2017-05-10 10:10 - 2011-04-01 11:42 - 00000000 ____D C:\ProgramData\Samsung
2017-05-10 10:09 - 2015-02-12 16:18 - 00007891 _____ C:\Windows\BRRBCOM.INI
2017-05-10 10:09 - 2011-04-26 10:18 - 00000000 ____D C:\Temp
2017-05-10 09:43 - 2017-01-27 15:08 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-10 09:21 - 2017-01-27 15:08 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-10 09:21 - 2015-01-12 09:53 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-10 09:20 - 2017-01-27 15:08 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-10 08:58 - 2011-01-31 17:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2017-05-10 07:44 - 2017-01-27 15:08 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-10 03:50 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-10 03:50 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-09 17:08 - 2009-07-14 01:13 - 00780750 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-09 17:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-09 17:04 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-09 10:30 - 2011-02-01 11:16 - 00000000 ____D C:\Leonard Ins
2017-05-09 09:47 - 2012-03-30 07:49 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 09:47 - 2012-03-30 07:49 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 09:47 - 2011-05-18 07:51 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 09:47 - 2011-04-05 16:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-09 09:47 - 2010-09-10 03:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-02 14:36 - 2012-02-23 13:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2017-05-02 14:36 - 2012-02-23 13:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2017-04-28 16:55 - 2011-04-25 09:55 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-28 09:08 - 2011-05-03 15:10 - 00003514 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA
2017-04-28 09:08 - 2011-05-03 15:10 - 00003242 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core
2017-04-24 17:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-24 08:26 - 2013-03-14 16:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-24 08:26 - 2009-07-14 00:45 - 00351192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-24 08:25 - 2013-03-14 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-21 16:24 - 2013-03-14 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-21 16:21 - 2013-08-14 12:02 - 00000000 ____D C:\Windows\system32\MRT
2017-04-21 16:19 - 2011-02-01 15:42 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-21 16:16 - 2011-01-31 17:37 - 00748458 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-17 08:45 - 2011-01-31 13:36 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\VirtualStore
2017-04-14 15:25 - 2011-02-02 12:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\CutePDF Writer
2017-04-11 11:32 - 2015-04-16 09:19 - 00000000 ____D C:\Users\Ryan2011\Board Game Materials
==================== Files in the root of some directories =======
2011-02-10 09:36 - 2015-02-12 15:54 - 0043247 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
2017-05-10 10:15 - 2008-05-07 14:55 - 0153088 _____ () C:\Users\Ryan2011\AppData\Local\Temp\GLB1A2B.EXE
2017-05-10 10:05 - 2012-06-26 16:02 - 0135168 _____ (Musiccity Co.Ltd.) C:\Users\Ryan2011\AppData\Local\Temp\muzaf1.dll
2017-05-10 10:05 - 2012-06-26 16:02 - 0491520 _____ (Musiccity Co.Ltd.) C:\Users\Ryan2011\AppData\Local\Temp\muzapp.dll
2017-05-10 10:05 - 2012-06-26 16:02 - 0172032 _____ (Musiccity Co.Ltd.) C:\Users\Ryan2011\AppData\Local\Temp\muzapp.exe
2017-05-10 10:05 - 2012-06-26 16:02 - 0200704 _____ ( © MusicCity) C:\Users\Ryan2011\AppData\Local\Temp\muzwmts.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-03 00:27
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Ryan2011 (10-05-2017 10:47:43)
Running from C:\Users\Ryan2011\Desktop\Malware
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-31 17:32:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1237553287-1429794397-2156527687-500 - Administrator - Disabled)
Guest (S-1-5-21-1237553287-1429794397-2156527687-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1237553287-1429794397-2156527687-1008 - Limited - Enabled)
Ryan2011 (S-1-5-21-1237553287-1429794397-2156527687-1000 - Administrator - Enabled) => C:\Users\Ryan2011
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version: - A-PDF Solution)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Carcassonne (HKLM-x32\...\{8033CA80-B44F-40F9-8D0A-957211442C19}) (Version: 1.0 - Deep Silver)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CutList Plus Express (HKLM-x32\...\{29C0946B-850E-4E9A-8DE3-AFB7109CC86C}) (Version: 1.1.3 - Bridgewood Design)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version: - )
Dominion (HKLM-x32\...\Dominion) (Version: 2.00.47.11 - MakingFun)
Dropbox (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
FastImageResizer (remove only) (HKLM-x32\...\FastImageResizer) (Version: - )
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
Gametel Configuration Tool 64-bit (HKLM\...\{7B83120F-92B3-45D7-A3A6-B034EF7AC5A9}) (Version: 1.2.1.0 - Fructel AB)
Google Chrome (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Casino (HKLM-x32\...\{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}) (Version: 1.0.0 - Encore)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Informatik (HKLM-x32\...\Informatik_is1) (Version: - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mansions of Madness (HKLM\...\Steam App 478980) (Version: - Fantasy Flight Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\{4a461520-05cf-4df1-8957-844b4a811ff4}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Palace of Chance (HKLM-x32\...\{f51a5449-9174-4e90-a0b2-bd67e0a9a87e}) (Version: 12.0.0 - RealTimeGaming Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
SCARM 0.9.24 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.24 - Milen Peev)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Small World 2 (HKLM-x32\...\Steam App 235620) (Version: - Days of Wonder)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strange Eons 3745 (HKLM\...\0581-5195-2362-0248) (Version: 3745 - Christopher G. Jennings)
Talisman: Prologue (HKLM-x32\...\Steam App 258200) (Version: - )
Ticket to Ride (HKLM-x32\...\Steam App 108200) (Version: - Days of Wonder)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.26 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Virtual Pool 3 DL (HKLM-x32\...\{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}) (Version: 3.3.1.1 - Celeris)
Virtual Pool 3 Preview (HKLM-x32\...\{70E9BAF7-FCAF-465D-AF60-7C25F68D015C}) (Version: 3.2.3.9 - Celeris)
Virtual Pool 4 Demo (HKLM-x32\...\{76EA761E-E91A-4715-8511-12B7707E53BF}) (Version: 4.1.1.7 - Celeris)
Visual Pinball VPInstaller 1.0.3 (HKLM-x32\...\Visual Pinball) (Version: VPInstaller 1.0.3 - VPForums.org)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Volume Activation Management Tool 2.0 (HKLM-x32\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (HKLM\...\88C277C6E63CBDAF35A096E80A5B97A29A619D3A) (Version: 02/03/2011 2.4.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Fructel AB (usbser) Ports (11/04/2011 1.0.0.0) (HKLM\...\CD721827CE36C3AEAB693B6DFF32C57AC19F2425) (Version: 11/04/2011 1.0.0.0 - Fructel AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\ChromeHTML: -> C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{799ff11c-a966-4c28-b7c4-b7d0ed801240}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{dd0949d3-a983-45b9-ad90-679bc855b724}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11B44973-C307-410E-B060-BC52D00099B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {64506389-48FD-4A6D-B4D1-13ED5817E66E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {757CC069-530F-4A09-95CD-861F832C0212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7F2810AD-1DC0-460F-BE58-B542A4D14CB3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {ABF70F24-614F-4F59-9ABD-CC61D6934431} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {CD96F50D-D4B2-4040-B732-45D70ECF4195} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {E956ACFD-B423-47F8-8B1D-BFE24FF7D8EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {ECC21FC9-D70C-4F41-91D8-C96DFC8A8B50} - System32\Tasks\{730F5265-3543-43CD-B456-02F5030351B3} => C:\Program Files (x86)\Visual Pinball\VPinball_9_0_2.exe [2009-02-09] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-02-02 11:40 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-02-01 15:35 - 2007-02-28 09:53 - 00116224 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2017-01-27 15:08 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-27 15:08 - 2017-02-24 07:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-02-12 17:19 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-08-08 15:10 - 2016-08-08 15:10 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll
2010-09-10 03:49 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-04-03 19:03 - 2017-03-28 22:04 - 02187096 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-03 19:03 - 2017-03-28 22:04 - 00086360 _____ () C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\57.0.2987.133\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7907 more sites.
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\foragentsonly.com -> foragentsonly.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\...\123simsen.com -> www.123simsen.com
There are 7907 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2017-02-28 10:08 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan2011\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{F859B18D-11B4-47A0-98AF-6CBF61886FDB}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{EB4D2780-8883-4487-A163-5C2131EAA1FD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{706C019A-2431-4162-9BE9-3D95F25C8A0B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B309CC84-66C2-4C1F-8B0A-E7AB183731EC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{78BBEBB9-98AA-4E78-8D46-EC7EAF903828}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3437AB37-5A67-409F-98F0-B61BEF40A4C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C838C23-32AC-4619-86BB-1DB626541975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{25D253B2-BC06-4D73-A7F3-48712F166FF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{E8FA111B-E1AF-425A-B972-E46846F3F7E4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6C7B2DD2-4B1C-4DC4-B3AB-39EAFF52A5A7}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [UDP Query User{07157617-7AA8-4622-B84F-2D8947BACD07}C:\program files (x86)\deep silver\carcassonne\carcassonne.exe] => (Allow) C:\program files (x86)\deep silver\carcassonne\carcassonne.exe
FirewallRules: [{5863A6E2-0C37-4502-BADB-F939EB468D5B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ABC21109-BD1E-4626-A1F6-28A4BB8A8777}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{511A2E9D-8654-47EB-8EEF-C36E8B3F935B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{205DE729-8951-44CA-A00B-1F6F3BF3D44D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe
FirewallRules: [{DE05B080-623A-4848-8845-8660795299CF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{95EE5139-0793-4277-B0A1-87D7CD0CBDC9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{A75C42EA-3872-4AE8-AB11-4EBAFC36B12A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{0FB0D458-2F27-4D39-9678-02304DD1733A}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8D858DBB-F379-4190-9CC0-09C6F936B260}C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ryan2011\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{97DDF85E-6573-4675-AC52-CDCA0A1CD552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [{E72A7AFA-C105-4A25-BE5E-053EDA3E0A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SmallWorld2\SW2Executable.app\Contents\Win32\SW2Executable.exe
FirewallRules: [TCP Query User{3FA02E10-686E-4CFA-8898-496B88373867}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [UDP Query User{2E96CC84-3BBF-4F2E-AA8A-39871170E0BF}C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe] => (Allow) C:\users\ryan2011\appdata\local\temp\rar$exa0.606\overland.exe
FirewallRules: [TCP Query User{ED39554A-1E4B-4FCC-AF98-972C6A2A1346}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [UDP Query User{C12A1365-EF38-446B-8DF1-717F1CAED693}C:\users\ryan2011\overland\overland.exe] => (Allow) C:\users\ryan2011\overland\overland.exe
FirewallRules: [{E6D07D41-F769-4575-ABA6-7AB9A923C059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{8682DD35-F884-4BB5-93BC-792A4913AC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mansions of Madness\Mansions of Madness.exe
FirewallRules: [{AFA8A48F-97B8-470B-85C7-6F550C2E6437}] => (Allow) C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E435481-A561-45F1-9E94-8C2F200E0C25}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F7015285-3BA2-475B-AFAE-D0DD80877A56}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5B3357A3-40A8-42AA-B10E-1BFBAB029249}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{AEEFB0D0-53BD-4809-9B89-6A483C488C6A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
==================== Restore Points =========================
21-04-2017 16:13:56 Windows Update
01-05-2017 17:26:39 Scheduled Checkpoint
09-05-2017 00:00:06 Scheduled Checkpoint
10-05-2017 10:07:08 Removed Samsung Kies
10-05-2017 10:11:05 Removed Virtual Pool 4 Demo
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/10/2017 10:21:23 AM) (Source: MsiInstaller) (EventID: 10005) (User: Ryan2011-PC)
Description: Product: Palace of Chance -- Error 2203.Database: C:\Windows\Installer\3ab574b.ipi. Cannot open database file. System error -2147287035.
Error: (05/10/2017 10:13:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: Ryan2011-PC)
Description: Product: Virtual Pool 4 Demo -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\3ab5749.ipi, -2147287035,
Error: (05/10/2017 10:09:59 AM) (Source: MsiInstaller) (EventID: 10005) (User: Ryan2011-PC)
Description: Product: Samsung Kies -- Error 2203.Database: C:\Windows\Installer\3ab5747.ipi. Cannot open database file. System error -2147287035.
Error: (05/08/2017 08:21:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18639 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 8f0
Start Time: 01d2c7f5493bff43
Termination Time: 16
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (05/02/2017 01:41:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: MwacControllerImpl.dll, version: 3.0.0.142, time stamp: 0x58a313b4
Exception code: 0xc0000005
Fault offset: 0x00000000000273fe
Faulting process id: 0x9a4
Faulting application start time: 0x01d2c274896d3741
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacControllerImpl.dll
Report Id: 0d1f5db2-2efa-11e7-9208-000acd21436e
Error: (04/27/2017 09:19:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: bcryptprimitives.dll, version: 6.1.7601.23451, time stamp: 0x573365b4
Exception code: 0xc0000005
Fault offset: 0x0000000000007e53
Faulting process id: 0x900
Faulting application start time: 0x01d2bea1c50daf21
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\system32\bcryptprimitives.dll
Report Id: afc24917-2bb0-11e7-875a-000acd21436e
Error: (04/25/2017 03:57:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: bcryptprimitives.dll, version: 6.1.7601.23451, time stamp: 0x573365b4
Exception code: 0xc0000005
Fault offset: 0x0000000000007e53
Faulting process id: 0x744
Faulting application start time: 0x01d2bcf65ec8a3d4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\system32\bcryptprimitives.dll
Report Id: d297bbe7-298c-11e7-875a-000acd21436e
Error: (04/23/2017 06:16:33 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004B100) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
Error: (04/23/2017 06:16:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004B100
Error: (04/22/2017 05:21:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: arwlib.dll_unloaded, version: 0.0.0.0, time stamp: 0x58af57f8
Exception code: 0xc0000005
Fault offset: 0x000007feeb61f273
Faulting process id: 0xf90
Faulting application start time: 0x01d2bad23e388263
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: arwlib.dll
Report Id: 16d775fb-273d-11e7-8cb1-000acd21436e
System errors:
=============
Error: (05/10/2017 10:34:31 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:34:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:34:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:34:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:34:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:34:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:33:02 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:33:02 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:33:02 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
Error: (05/10/2017 10:33:02 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Ryan2011-PC\Ryan2011 (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 94%
Total physical RAM: 4060.98 MB
Available physical RAM: 225.28 MB
Total Virtual: 8120.15 MB
Available Virtual: 2728.75 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:298.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================