jonbam

  1. I only posted on the bleeping forum. I completed a number of tests. I thought I'd post here also because my Malwarebytes software didn't pick anything up.
  2. I have no idea how to upload the txt files on this forum.
  3. Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-12-2015 Ran by Jonathan (2015-12-20 15:20:48) Running from C:\Users\Jonathan\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-03-27 12:57:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2393814480-1901860420-2681352935-500 - Administrator - Disabled) Guest (S-1-5-21-2393814480-1901860420-2681352935-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2393814480-1901860420-2681352935-1004 - Limited - Enabled) Jonathan (S-1-5-21-2393814480-1901860420-2681352935-1002 - Administrator - Enabled) => C:\Users\Jonathan UpdatusUser (S-1-5-21-2393814480-1901860420-2681352935-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - ) Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - ) Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version: - Infinity Ward) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - ) Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - ) Canon MG6200 series On-screen Manual (HKLM-x32\...\Canon MG6200 series On-screen Manual) (Version: - ) Canon MG6200 series User Registration 
(HKLM-x32\...\Canon MG6200 series User Registration) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version: - EA Los Angeles) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) eSupport UndeletePlus 3.0.4.513 (HKLM-x32\...\eSupport UndeletePlus_is1) (Version: - Copyright © 2011 eSupport.com • All Rights Reserved) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Color LaserJet Pro MFP M277 (HKLM-x32\...\{7ac49734-541c-48e7-99be-02f41e43e79d}) (Version: 14.0.14309.409 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPCLJProM277 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPDXP (x32 Version: 3.0.26.32 - HP) Hidden HPLJUTCore (x32 Version: 014.000.0001 - HP) Hidden HPLJUTM277 (x32 Version: 014.000.0001 - HP) Hidden hppLaserJetService (x32 Version: 009.033.00926 - Hewlett-Packard) Hidden hppM277LaserJetService (x32 Version: 001.034.00686 - Hewlett-Packard) Hidden HPScanPlugin (HKLM-x32\...\{0D118BA9-4706-49DE-8E2F-1A12317EDBF6}) (Version: 28.11.0.0 - Hewlett-Packard Co.) hpStatusAlerts (x32 Version: 140.040.00231 - Hewlett Packard) Hidden hpStatusAlertsM277 (x32 Version: 140.046.00129 - Hewlett-Packard) Hidden I.R.I.S. 
OCR (HKLM-x32\...\{F20A04CF-5BE6-404A-9295-D59046238245}) (Version: 12.3.6.6 - HP) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) LJDXPHelperUI (x32 Version: 140.069.007 - HP) Hidden Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.) Macrium Reflect Home Edition (Version: 6.1.871 - Paramount Software (UK) Ltd.) Hidden MagicTunePremium (HKLM-x32\...\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}) (Version: 4.0.07 - Samsung Electronics Ltd.) 
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Money (HKLM-x32\...\{01A2E33A-8ADA-42D1-9173-8F65149E952F}) (Version: 11.0.100 - Microsoft) Microsoft Money System Pack (HKLM-x32\...\{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}) (Version: 11.0.120 - Microsoft) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) 
(Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) MyFreeCodec (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\MyFreeCodec) (Version: - ) NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.) Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc) Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version: - Uber Entertainment) PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation) PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 9.0.1.608 - American Power Conversion) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.) 
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com) Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version: - Gas Powered Games) TP-LINK 300Mbps Wireless USB Adapter Driver (HKLM-x32\...\{67A2AE56-F0CA-48AB-B511-F142C612BDF6}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Detector Plug-in (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinDirStat 1.1.2 (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\WinDirStat) (Version: - ) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters). 
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters). CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters). CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters). CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: 
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0EFAA443-DD9B-4401-9746-A3AA582D8DB0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {14FF0BB7-173F-4581-921A-79A7A697D938} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {4AE39DD9-21DB-4461-ACBF-63EB96C83FE8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {53329619-2F2F-476B-97E9-AC7FC33EFAFE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {5C7F54FB-F225-4112-8E55-0B552A3B320A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {5C9802AC-CC3F-4459-8C2E-26072D868BC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {70100AB3-F4CC-4B11-A285-48C73A3231D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard) Task: {728DA556-CF36-48EF-9751-9D4EE547C647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {894B2348-5AE7-4E6E-AF10-8E0F3EDB9689} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {8F2E7692-DAB2-4FEA-BDB4-D06A53AE8C8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {BFB19088-F8CB-4C4C-B4BC-4BD5BBD9DB88} - System32\Tasks\{E8E50606-BC56-461E-966B-7DF8E6B7D9BA} => pcalua.exe -a C:\Users\Jonathan\Downloads\wlsetup-web.exe -d C:\Users\Jonathan\Downloads Task: {C73514CF-B2F3-482D-A43B-0DB2AA281C69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {D5B0F1C1-CEF0-4107-BC5D-FFEC870D6B71} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-10-19] (Hewlett Packard) Task: {FBB51D4E-8E66-43A0-9C7E-3167DCA98A4F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core.job => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA.job => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-03-27 14:12 - 2011-02-07 07:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2013-12-26 11:24 - 2013-12-26 11:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-03-25 07:25 - 2013-02-10 01:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-05-22 19:04 - 2013-05-22 19:04 - 00400704 _____ () C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2013-03-27 13:40 - 2009-10-05 13:06 - 00036864 _____ () C:\Program Files\MagicTune Premium\GammaTray.exe 2013-03-27 13:40 - 2010-10-29 11:27 - 00067584 _____ () C:\Program Files\MagicTune Premium\VESADll.dll 2013-03-27 13:40 - 2010-10-29 11:27 - 00068096 _____ () C:\Program Files\MagicTune Premium\IPROFILE.dll 2013-03-27 13:40 - 2010-10-29 11:27 - 00056832 _____ () C:\Program Files\MagicTune Premium\DPROFILE.dll 2013-03-27 13:40 - 2010-10-29 11:27 - 00058880 _____ () C:\Program Files\MagicTune Premium\EPROFILE.dll 2013-03-27 13:40 - 2010-10-29 11:27 - 00050176 _____ () C:\Program Files\MagicTune Premium\DEVICEINTERFACE.dll 2013-03-27 13:40 - 2010-10-29 11:27 - 00023552 
_____ () C:\Program Files\MagicTune Premium\Highlight.dll 2013-03-27 13:40 - 2010-10-29 11:29 - 00026624 _____ () C:\Program Files\MagicTune Premium\HzZone.dll 2013-03-27 13:40 - 2010-10-29 11:29 - 00052736 _____ () C:\Program Files\MagicTune Premium\MTResEng.dll 2014-12-18 10:32 - 2005-01-05 17:13 - 00027648 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\win32com.dll 2014-12-18 10:32 - 2011-02-28 13:18 - 00032768 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\ApcUsb_ul.dll 2013-03-25 13:23 - 2015-11-10 19:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 10:02 - 2015-07-03 16:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 10:02 - 2015-07-03 16:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 10:02 - 2015-07-03 16:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-22 13:42 - 2015-12-14 20:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 08:49 - 2015-09-24 00:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 08:49 - 2015-09-24 00:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 08:49 - 2015-09-24 00:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 08:49 - 2015-09-24 00:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 08:49 - 2015-09-24 00:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2013-08-15 19:40 - 2015-12-14 20:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 07:59 - 2015-11-03 22:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-12-11 12:30 - 2015-10-31 00:59 - 00034768 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2015-12-11 
12:30 - 2015-12-08 21:36 - 00022848 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00023352 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00042296 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd 2015-12-11 12:30 - 2015-10-31 00:59 - 00116688 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-11 12:30 - 2015-10-31 00:59 - 00093640 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-11 12:30 - 2015-10-31 00:59 - 00018376 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00019760 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00105928 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32api.pyd 2015-12-11 12:30 - 2015-10-31 00:59 - 00392144 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-11 12:30 - 2015-12-08 21:36 - 00381752 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-11 12:30 - 2015-10-31 00:59 - 00692688 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00020816 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00109520 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 01737032 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00020808 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00020800 _____ () 
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00021840 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00038696 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\fastpath.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00024528 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00020936 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00114640 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00021320 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00124880 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32file.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00030160 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00043472 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00175560 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00028616 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32ts.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00048592 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32service.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00024392 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00036296 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\librsync.dll 2015-12-11 12:30 - 2015-10-31 01:00 - 00024016 _____ () 
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32profile.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00117056 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00023376 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-11 12:30 - 2015-10-31 00:59 - 00134608 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2015-12-11 12:30 - 2015-10-31 00:59 - 00134088 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00240584 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00020280 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00052024 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00021304 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00350152 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00084792 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2015-12-11 12:30 - 2015-12-08 21:36 - 01826608 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-11 12:30 - 2015-10-31 01:00 - 00083912 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\sip.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 03891504 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 01950000 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00519984 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00133936 _____ () 
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00225080 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00207672 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00024904 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00486704 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2015-12-11 12:30 - 2015-12-08 21:36 - 00357680 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2015-03-04 21:45 - 2015-10-31 01:01 - 00019920 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 21:45 - 2015-10-31 01:00 - 00786904 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-08-08 09:11 - 2015-10-31 01:00 - 00063448 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 21:45 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2013-08-15 19:40 - 2015-11-17 00:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-10-16 16:40 - 2014-10-16 16:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll 2012-10-09 17:43 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-10-09 17:42 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the 
fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: EADM => "e:\Program Files (x86)\Origin\Origin.exe" -AutoStart ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{5591A086-2B7A-4ACE-B397-5DC14BD19E7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{7E911025-C56C-4933-B8D9-EC596B4CB720}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [TCP Query User{8AF8C205-76F7-4421-A2A0-FE91E725654B}C:\program files\magictune premium\magictune.exe] => (Allow) C:\program files\magictune premium\magictune.exe FirewallRules: [UDP Query User{3E99F489-948C-4480-87A1-B5830BD33B9B}C:\program files\magictune premium\magictune.exe] => (Allow) C:\program files\magictune premium\magictune.exe FirewallRules: [{E6FF469E-2360-4C12-9B63-7DD16D4FD8CA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{A6C14FED-EC1A-464A-ACFA-4473B19EC23D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{93B34B40-8AC5-4DB4-B466-64A2A058F76D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{70155640-06A9-4E08-A236-8FC2560E5015}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{D9E9811D-018C-46D3-ABA7-B6C6539FE5AE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{39AF3744-BFF6-4E15-88D9-03537F7F71D2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{7D967BC6-559C-41D0-8B34-054FDF5BBA38}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{CB66D671-CCAA-4DF0-988F-E63CA2006D71}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{C50472A4-DCCD-4CDA-B13C-A02D7F85067C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{257A9890-2643-4F34-9E4E-47A96CC198D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{97F8B26B-50AC-43F0-BF4F-716D1BECB18E}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe 
FirewallRules: [UDP Query User{43F56D0C-E775-4A92-BC63-50A07028B64E}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe FirewallRules: [TCP Query User{C90D98AC-D633-40C8-BCE1-ED468A05FC42}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe FirewallRules: [UDP Query User{BBB3375C-A232-4AE5-9159-DB69CC837EEE}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe FirewallRules: [TCP Query User{EE1FB5A7-AD65-4651-910A-522D21A5FCF3}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe FirewallRules: [UDP Query User{895D5832-0CF2-4C1A-BB58-97B925081CEF}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe FirewallRules: [{667CB375-12DD-4BC3-9093-73F54BBE89A4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{4305EEB1-8206-4719-BB0B-571E993460A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{2433D013-B359-4E19-B0EC-31A4E8E13CDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{02D4560A-D288-4BA7-BEED-ABFE3FF4AE1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [{81CB44AD-06A0-4E66-B49A-5C0E48FC4154}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe FirewallRules: [TCP Query User{2C5FA7D5-E080-4114-B22F-DF2232B07B0C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{0EBA328C-7F16-4A05-ADA0-CC42B68F821E}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [{C30270D7-A870-4660-B0DB-B6935D6D4DEF}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe 
FirewallRules: [{8B86C6CE-1070-4F4E-A545-23AD1B863E98}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{E2BA4B70-CBCC-4387-B19C-E3917B7ADBB5}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe FirewallRules: [{2785389D-71EE-43DB-821C-87AED412E516}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe FirewallRules: [{F5FE58A0-C6C3-4AF2-AA1E-2E395A5A6167}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe FirewallRules: [{4AF21E66-8F6F-4D32-A480-E1FA656C011C}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe FirewallRules: [{D1F03316-A905-483B-BF26-16870CDFE443}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{E4ACA84E-789E-4F60-AB3A-5ED51046D42A}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe FirewallRules: [{AF59FD2C-F730-4BD6-A1F7-2456DA99E22C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{1B70DBD6-D47C-496D-8A96-4E386A2C75DD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{AAA7612E-E788-493B-9F1C-FCD1E20C4987}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{4225C9B2-022D-4AB2-9F93-33B3D6CEF14C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7A3FAEF7-7A10-4693-82C9-6202C2354531}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{77516DAC-B598-4B92-ACDE-FED71BABA634}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe FirewallRules: [{DEAC8DF2-7171-4C91-A077-FAE2FDF16D50}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{FAE1A024-0D5C-4EA0-BF28-0D2FAE74074D}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe FirewallRules: [{A39EBC06-4742-400A-9B2E-8ABBC0AAAED7}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe FirewallRules: 
[{CB88DA6D-29EF-45D5-AF9D-11FCA68D0049}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe FirewallRules: [{8ED1B84A-B8AC-418D-AC99-B1F225D1593C}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{DF144665-EB6E-4B4C-A75B-8010F2977BE7}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\Support\EA Help\Electronic_Arts_Technical_Support.htm FirewallRules: [{85797BF0-711A-4B8D-8A95-59D952066DF3}] => (Allow) E:\steam2\steamapps\common\Command and Conquer 3 Tiberium Wars\RetailExe\1.9\cnc3game.dat FirewallRules: [{B25D71BE-B30D-48DE-8184-D4664AD17B00}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{6EF63AA7-3119-475B-8BF3-FA4BA8220777}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{985B5725-F014-4110-A65E-B5F6A65016C1}] => (Allow) E:\steam2\SteamApps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe FirewallRules: [{F0AEB5BB-C7FF-452F-9E6B-F48A2E5FB0C1}] => (Allow) E:\steam2\SteamApps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe FirewallRules: [{79A6DB5C-3FC3-4D17-BC72-3C40C1DA1E09}] => (Allow) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{AA7330E2-A1E2-4D11-AAD9-F459D5EE11CD}] => (Allow) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{89D50B79-2546-4231-A747-374206BC60A9}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe FirewallRules: [{CB923FF4-2808-4E68-BF6E-685570C17CC7}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe FirewallRules: [{C87D7DC3-D89E-4FE6-B381-B5FEC79498C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3E3ACCBC-E7DC-4178-A895-82265A9A28AB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{613EA18D-EBB0-42EC-83B6-694B0F7640A1}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\PA.exe FirewallRules: [{5F0EF784-68FF-470D-B086-A815A14FE8B3}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\PA.exe FirewallRules: [{45FDFF93-0D0D-4B61-9E41-5CCD368FF4AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{2CFBB518-9183-4470-AB19-3DDFA8B04294}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [TCP Query User{C9AD95AE-176E-4BCC-9B56-BC68370CD0AE}C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{2641EBBF-2709-4124-AC21-0475F7824D7C}C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{02DC3CA5-E3ED-430B-9B4C-DFC312AC6063}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe FirewallRules: [{CE219332-5AED-4CA7-977C-B12E6DC43CFB}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe FirewallRules: [{43F7CD6D-BE9C-42A5-829F-6937F71D41E2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{24840B55-0836-47B9-AAA0-0783C0483859}] => (Allow) LPort=2869 FirewallRules: [{A04EAF54-0771-4B27-AFF9-2B8BDC978D32}] => (Allow) LPort=1900 FirewallRules: [{8AF08295-5172-410B-B349-4796F3610B8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{96DB532D-9D25-4CAC-B154-311AA12A0309}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B08B40C4-EEE4-45B6-B606-6D273CA8EDBD}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe FirewallRules: [{4B02646A-50CF-4DD1-8F80-75A2AB90B5EB}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe FirewallRules: [TCP Query User{26F4FFFC-2088-409A-A7D7-2BBC25436D21}C:\program 
files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{6088CD5E-0304-4E12-B02A-39515D367C76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{C6D119EC-67DC-4734-A45D-7B89748A4CFA}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\7ac49734-541c-48e7-99be-02f41e43e79d\Installer\hpbcsiInstaller.exe FirewallRules: [{0073ACE2-C7E3-4076-B6DE-A729EA904794}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\7ac49734-541c-48e7-99be-02f41e43e79d\Installer\hpbcsiInstaller.exe FirewallRules: [{7DD50AB4-E28B-41A5-B55C-6716196FD6AE}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\SendAFax.exe FirewallRules: [{05B72D74-5EA2-4593-8756-9E969C7CD9B1}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\FaxPrinterUtility.exe FirewallRules: [{110642D5-F69E-43DA-936A-6026D59A9B96}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{B0F31133-C98A-4234-A97E-384665790AFD}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{DE97569F-FFD7-4005-BC5C-2D5A57F10424}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\DigitalWizards.exe FirewallRules: [{4D38C9B9-52E2-4E50-8EB9-899675C6D4EF}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\FaxApplications.exe FirewallRules: [{7FC241C8-F950-4826-9D43-4AB6B8F69D50}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\EWSProxy.exe FirewallRules: [{B61CA8EE-C64C-40B0-B16B-7E31EFFD2E06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4D0343D4-E298-4319-8786-F920C6DFA9D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{45098CD2-020E-4C0D-A609-8D976AB0A1D2}] => (Allow) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/20/2015 12:54:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/20/2015 12:53:06 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/20/2015 12:53:06 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/20/2015 12:52:59 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (12/20/2015 12:52:59 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/20/2015 12:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/20/2015 12:32:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/20/2015 12:32:21 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/20/2015 12:32:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/20/2015 12:32:13 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (12/20/2015 12:52:26 PM) (Source: volsnap) (EventID: 27) (User: ) Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened. Error: (12/20/2015 12:52:24 PM) (Source: volsnap) (EventID: 27) (User: ) Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened. Error: (12/20/2015 12:51:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.247.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/20/2015 12:51:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.213.247.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/20/2015 12:23:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (12/20/2015 12:23:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (12/17/2015 12:08:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (12/17/2015 12:08:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (12/17/2015 11:44:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (12/17/2015 11:44:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. 
==================== Memory info =========================== Processor: Intel® Core i5-3570 CPU @ 3.40GHz Percentage of memory in use: 33% Total physical RAM: 8141.91 MB Available physical RAM: 5416.76 MB Total Virtual: 16282.02 MB Available Virtual: 13425.5 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.45 GB) (Free:36.74 GB) NTFS Drive e: () (Fixed) (Total:1863.01 GB) (Free:1655.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F50D7583) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 53412077) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015 Ran by Jonathan (administrator) on JONATHAN-PC (20-12-2015 15:20:27) Running from C:\Users\Jonathan\Desktop Loaded Profiles: UpdatusUser & Jonathan (Available Profiles: UpdatusUser & Jonathan) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Microsoft Corporation) C:\Windows\System32\Locator.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe () C:\Program Files\MagicTune Premium\GammaTray.exe (Dropbox, Inc.) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (SEC) C:\Program Files\MagicTune Premium\MagicTune.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) 
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [MagicTuneEngine] => C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-10-29] () HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation) HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [3013712 2015-12-14] (Valve Corporation) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-07] (Samsung) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [Dropbox Update] => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-30] (Skype Technologies S.A.) 
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64" HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64" HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64" HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64" HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64" ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2013-03-27] ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe () Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11] ShortcutTarget: Dropbox.lnk -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2015-10-02] ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{37CFC003-3BB9-426D-9F22-56D74527A2DE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C661CB05-4066-4DA2-8F45-487BA26F6DF6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=eq3rVOmIOqaG8QeUy4CIAQ&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\padaw0d4.default
FF Homepage: hxxp://www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2393814480-1901860420-2681352935-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Video DownloadHelper - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\padaw0d4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-06]

Chrome:
=======
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-22]
CHR Extension: (Rapport) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-25]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-21]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [34168 2011-02-28] (APC)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14652768 2012-01-05] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-05] (Intel® Corporation) [File not signed]
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-20] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-02] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-11-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-04-03] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-04-03] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-04-03] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 15:20 - 2015-12-20 15:20 - 00024384 _____ C:\Users\Jonathan\Desktop\FRST.txt
2015-12-20 15:00 - 2015-12-20 15:01 - 02370048 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2015-12-20 14:51 - 2015-12-20 14:51 - 00000282 _____ C:\Users\Jonathan\Desktop\Redirector.themobilehub.net Redirect Virus - Malware Removal Help - Malwarebytes Forum.URL
2015-12-20 13:14 - 2015-12-20 13:14 - 00000276 _____ C:\Users\Jonathan\Desktop\How to Remove Redirector.themobilehub.net Redirect Virus Anvisoft KnowledgeBase.URL
2015-12-20 12:43 - 2015-11-11 21:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-20 12:43 - 2015-11-11 20:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-20 12:43 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-20 12:43 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-20 12:43 - 2015-11-11 15:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-20 12:43 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-20 12:43 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-20 12:43 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-20 12:43 - 2015-11-11 14:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-20 12:43 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-20 12:43 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-20 12:43 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-20 12:43 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-20 12:43 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-20 12:43 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-20 12:43 - 2015-11-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-20 12:43 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-20 12:43 - 2015-11-10 00:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-20 12:43 - 2015-11-10 00:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-20 12:43 - 2015-11-10 00:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-20 12:43 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-20 12:43 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-20 12:43 - 2015-11-10 00:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-20 12:43 - 2015-11-10 00:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-20 12:43 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-20 12:43 - 2015-11-10 00:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-20 12:43 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-20 12:43 - 2015-11-10 00:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-20 12:43 - 2015-11-09 23:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-20 12:43 - 2015-11-09 23:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-20 12:43 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-20 12:43 - 2015-11-09 23:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-20 12:43 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-20 12:43 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-20 12:43 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-20 12:43 - 2015-11-09 23:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-20 12:43 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-20 12:43 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-20 12:43 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-20 12:43 - 2015-11-08 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-20 12:43 - 2015-11-08 22:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-20 12:43 - 2015-11-08 22:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-20 12:43 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-20 12:43 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-20 12:43 - 2015-11-08 22:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-20 12:43 - 2015-11-08 22:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-20 12:43 - 2015-11-08 22:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-20 12:43 - 2015-11-08 22:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-20 12:43 - 2015-11-08 22:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-20 12:43 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-20 12:43 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-20 12:43 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-20 12:43 - 2015-11-08 22:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-20 12:43 - 2015-11-08 22:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-20 12:43 - 2015-11-08 22:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-20 12:43 - 2015-11-08 21:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-20 12:43 - 2015-11-08 21:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-20 12:43 - 2015-11-08 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-20 12:43 - 2015-11-08 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-20 12:43 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-20 12:43 - 2015-11-08 21:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-20 12:43 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-20 12:43 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-20 12:43 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-20 12:43 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-20 12:43 - 2015-11-08 21:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-20 12:43 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-20 12:43 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-20 12:43 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-20 12:43 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-20 12:43 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-20 12:43 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-20 12:43 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-20 12:43 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-20 12:43 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-20 12:43 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-20 12:43 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-20 12:42 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-20 12:42 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-20 12:42 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-20 12:42 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-20 12:42 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-20 12:42 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-20 12:42 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-20 12:41 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-20 12:41 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-19 20:38 - 2015-12-19 20:38 - 00000049 _____ C:\Users\Jonathan\Desktop\New Text Document (4).txt
2015-12-19 19:47 - 2015-12-19 19:47 - 00000270 _____ C:\Users\Jonathan\Desktop\Sex site on my computer has appeared - Am I infected What do I do.URL
2015-12-19 11:06 - 2015-12-19 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-18 15:39 - 2015-12-18 15:39 - 00000284 _____ C:\Users\Jonathan\Desktop\Find answers from universal_fashion.URL
2015-12-16 16:56 - 2015-12-16 16:56 - 00000248 _____ C:\Users\Jonathan\Desktop\Star Wars The Force Awakens Tickets Film Trailer Preview Release Date.URL
2015-12-14 14:50 - 2015-12-14 14:51 - 00000350 _____ C:\Users\Jonathan\Desktop\power.txt
2015-12-11 13:17 - 2015-12-11 13:17 - 00000000 ____D C:\Users\Jonathan\Desktop\alert message
2015-12-11 13:12 - 2015-12-11 13:12 - 00000065 _____ C:\Users\Jonathan\Desktop\New Text Document (3).txt
2015-12-11 12:30 - 2015-12-11 12:30 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-07 12:25 - 2015-12-07 12:25 - 00000254 _____ C:\Users\Jonathan\Desktop\eBay.URL
2015-12-05 16:28 - 2015-12-05 16:28 - 18270432 _____ C:\Users\Jonathan\Desktop\EOS_600D_Instruction_Manual_EN.pdf
2015-12-05 16:06 - 2015-12-05 16:09 - 00000000 ____D C:\Users\Jonathan\Desktop\rotate pics
2015-12-03 16:49 - 2015-12-03 16:57 - 00000000 ____D C:\Users\Jonathan\Desktop\models
2015-12-02 18:25 - 2015-12-02 18:25 - 00000256 _____ C:\Users\Jonathan\Desktop\JD0002254308634322 Yodel.URL
2015-12-02 15:51 - 2015-12-02 15:52 - 00000016 _____ C:\Users\Jonathan\Desktop\sports.txt
2015-12-01 21:07 - 2015-12-01 21:10 - 00000310 _____ C:\Users\Jonathan\Desktop\AdWords Express.URL
2015-12-01 19:27 - 2015-12-01 19:27 - 00000267 _____ C:\Users\Jonathan\Desktop\How to rehome - Adopting a rescued animal - Rehoming & Adoption.URL
2015-12-01 19:15 - 2015-12-01 19:15 - 00000072 _____ C:\Users\Jonathan\Desktop\cat.txt
2015-12-01 14:20 - 2015-12-01 14:20 - 01886274 _____ (Anny Studio (www.annystudio.com) ) C:\Users\Jonathan\Downloads\jpegr_setup.exe
2015-12-01 13:32 - 2015-12-01 13:32 - 07194192 _____ (ObviousIdea ) C:\Users\Jonathan\Downloads\light_image_resizer4_setup.exe
2015-12-01 13:20 - 2015-12-01 13:20 - 32961680 _____ (Bits&Coffee) C:\Users\Jonathan\Downloads\batchphoto.exe
2015-12-01 12:56 - 2015-12-01 12:56 - 10187720 _____ (TSR Software ) C:\Users\Jonathan\Downloads\WatermarkImageSetup.exe
2015-12-01 12:54 - 2015-12-01 12:54 - 09149240 _____ C:\Users\Jonathan\Downloads\uMark.zip
2015-12-01 12:38 - 2015-12-01 12:39 - 09535797 _____ C:\Users\Jonathan\Downloads\TotalWatermarkPro.zip
2015-12-01 12:09 - 2015-12-01 12:09 - 14911412 _____ (High Motion Software ) C:\Users\Jonathan\Downloads\setup-imbatch-latest.exe
2015-11-30 16:03 - 2015-11-30 16:03 - 00000349 _____ C:\Users\Jonathan\Desktop\LOG IN.URL
2015-11-30 16:01 - 2015-11-30 16:01 - 00000215 _____ C:\Users\Jonathan\Desktop\Office 365.URL
2015-11-29 17:49 - 2015-12-01 20:44 - 00001456 _____ C:\Users\Jonathan\Desktop\business idea.txt
2015-11-24 20:45 - 2015-11-24 20:45 - 00000259 _____ C:\Users\Jonathan\Desktop\World War Three could be just 30 SECONDS away as Turkey shoots down Russian fighter jet - Mirror Online.URL
2015-11-24 15:58 - 2015-11-21 18:08 - 00000027 _____ C:\Users\Jonathan\Desktop\KB3035583.txt
2015-11-21 15:21 - 2015-11-21 15:21 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-21 14:28 - 2015-11-18 14:53 - 00000332 _____ C:\Users\Jonathan\Desktop\Gods of Egypt trailer reveals Gerard Butler and Nikolaj Coster-Waldau Daily Mail Online.URL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 15:20 - 2014-10-20 11:31 - 00000000 ____D C:\FRST
2015-12-20 15:12 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 15:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-20 15:09 - 2014-05-23 18:17 - 00000000 ____D C:\Users\Jonathan\Documents\Reflect
2015-12-20 15:09 - 2013-03-27 13:47 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Skype
2015-12-20 15:08 - 2014-02-05 18:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 15:05 - 2013-03-27 17:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-20 14:28 - 2015-06-16 08:18 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA.job
2015-12-20 14:28 - 2014-09-26 15:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-20 12:58 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-20 12:58 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-20 12:54 - 2013-03-28 10:01 - 08425472 _____ C:\Users\Jonathan\Documents\My Money.mny
2015-12-20 12:53 - 2014-04-29 18:04 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Dropbox
2015-12-20 12:53 - 2014-02-05 18:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-20 12:52 - 2013-04-09 10:36 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-20 12:52 - 2013-03-25 07:25 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-20 12:52 - 2012-10-09 18:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-20 12:52 - 2012-10-09 18:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-20 12:52 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-20 12:52 - 2009-07-14 04:45 - 00346616 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-20 12:51 - 2013-03-27 15:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-20 12:50 - 2012-10-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-20 12:49 - 2013-08-15 19:30 - 00000000 ____D C:\Windows\system32\MRT
2015-12-20 12:45 - 2012-10-09 12:17 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-20 12:23 - 2013-03-25 07:25 - 00000000 ____D C:\Users\UpdatusUser
2015-12-20 12:22 - 2013-03-27 12:57 - 00000000 ____D C:\Users\Jonathan
2015-12-19 19:33 - 2013-03-27 15:39 - 00000000 ____D C:\Users\Jonathan\Desktop\dece2012
2015-12-19 13:35 - 2013-10-26 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-14 12:15 - 2013-03-27 14:12 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-12 10:28 - 2015-06-16 08:18 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core.job
2015-12-09 13:05 - 2013-03-27 17:14 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 13:05 - 2013-03-27 17:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 13:05 - 2013-03-27 17:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 03:39 - 2010-11-21 03:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-05 12:03 - 2014-02-05 18:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 12:03 - 2014-02-05 18:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 11:40 - 2013-04-14 09:35 - 00000000 ____D C:\Users\Jonathan\dwhelper
2015-12-05 11:37 - 2013-03-27 13:47 - 00000000 ____D C:\ProgramData\Skype
2015-12-02 15:31 - 2014-09-26 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-12-01 19:04 - 2015-05-02 11:30 - 00297984 ___SH C:\Users\Jonathan\Desktop\Thumbs.db
2015-11-27 18:16 - 2015-11-03 14:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 16:27 - 2015-06-10 13:31 - 00141304 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-11-24 16:27 - 2014-09-26 22:12 - 00396152 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-11-21 15:21 - 2014-09-26 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-21 15:21 - 2014-09-26 15:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-21 14:31 - 2014-06-07 13:49 - 00061972 _____ C:\Windows\Macrium Reflect Patch Log.txt

==================== Files in the root of some directories =======

2013-12-19 17:56 - 2014-01-28 09:56 - 0000119 _____ () C:\Users\Jonathan\AppData\Roaming\WB.CFG
2013-12-11 17:33 - 2015-07-25 19:00 - 0005120 _____ () C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-25 18:30 - 2013-10-25 18:30 - 0007600 _____ () C:\Users\Jonathan\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Jonathan\en_res.dll
C:\Users\Jonathan\es_res.dll
C:\Users\Jonathan\fr_res.dll
C:\Users\Jonathan\grm_res.dll
C:\Users\Jonathan\it_res.dll
C:\Users\Jonathan\jp_res.dll
C:\Users\Jonathan\mfc80u.dll
C:\Users\Jonathan\msvcr80.dll
C:\Users\Jonathan\PCPE Setup.exe
C:\Users\Jonathan\pt_res.dll
C:\Users\Jonathan\ResourceReader.dll
C:\Users\Jonathan\ru_res.dll
C:\Users\Jonathan\zh_res.dll

Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwcbsec.dll
C:\Users\Jonathan\AppData\Local\Temp\reflectPatch.exe
C:\Users\Jonathan\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-10 18:08 ==================== End of FRST.txt ============================
  5. Hi My computer is running Windows 7. I went away from my computer and when I came back this was on my desktop: Screenshots from Firefox below, created using the Print Screen button on my keyboard & uploaded to the Flickr photo sharing website: https://flic.kr/p/BTASow Flickr screenshot of Firefox history (I did not go to any of these links, the last webpage I visited was Yahoo Mail): https://flic.kr/p/BMdR2H More info about: redirector-themobilehub-net-redirect-virus http://www.anvisoft....redirect-virus/ I don't want to run a removal virus program that I don't trust. (Any comments about the above site?) The Malwarebytes software on my PC didn't detect anything. Thanks for the help so far. Jonathan
  6. Hi My computer is running Windows 7. I went away from my computer and when I came back this was on my desktop: Screenshots from Firefox below, created using the Print Screen button on my keyboard & uploaded to the Flickr photo sharing website: https://flic.kr/p/BTASow Flickr screenshot of Firefox history (I did not go to any of these links, the last webpage I visited was Yahoo Mail): https://flic.kr/p/BMdR2H More info about: redirector-themobilehub-net-redirect-virus http://www.anvisoft.com/resources/how-to-remove-redirector-themobilehub-net-redirect-virus/ I don't want to run a removal virus program that I don't trust. (Any comments about the above site?) The Malwarebytes software on my PC didn't detect anything. Thanks for the help so far. Jonathan
  7. I was not browsing any web sites at the time; I had just completed a backup image using Macrium Reflect.
  8. Hi Why has this certificate from akamai.net appeared on my computer? I have never had anything like this happen before. Thanks Jonathan
  9. Hi Some days ago I was informed I was sending out email messages with odd links. My PC has a virus or malware; this message just appeared: I was running a backup on Macrium Reflect at the time. What should I do? I have Malwarebytes installed, but scans have not picked up anything unusual.
  10. Hi Is everything ok then? "I have just checked both URLs and the common IP and all are okay from here." thx Jonathan
  11. I was just using the photobucket.com website. The following website was also blocked by Malwarebytes. Detection, 27/03/2015 10:34:16, SYSTEM, JONATHAN-PC, Protection, Malicious Website Protection, IP, 90.84.136.185, edge.sharethis.com, 49818, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
  12. Hi Malwarebytes updated itself a few days ago. Today this popup message appeared: Can anyone here tell me, should Malwarebytes be blocking download.windowsupdate.com? Thanks Jonathan
  13. Hi The img.zalinco.com website was blocked by Malwarebytes. IP: 194.109.218.134 Is this a malicious website? Thanks Jonathan