
Redirector.themobilehub.net Redirect Virus


jonbam


Hi

My computer is running Windows 7.

I went away from my computer and when I came back this was on my desktop:

Screenshots from Firefox below, created using the Print Screen button on my keyboard and uploaded to the Flickr photo sharing website:

https://flic.kr/p/BTASow

Flickr screenshot of Firefox history (I did not go to any of these links; the last webpage I visited was Yahoo Mail):

https://flic.kr/p/BMdR2H

More info about: redirector-themobilehub-net-redirect-virus

http://www.anvisoft....redirect-virus/

I don't want to run a removal virus program that I don't trust. (Any comments about the above site?)

The Malwarebytes software on my PC didn't detect anything.

Thanks for the help so far.

Jonathan

Attached Images
  • post-163914-0-67288400-1450622560.jpg

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015
Ran by Jonathan (administrator) on JONATHAN-PC (20-12-2015 15:20:27)
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: UpdatusUser & Jonathan (Available Profiles: UpdatusUser & Jonathan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Program Files\MagicTune Premium\GammaTray.exe
(Dropbox, Inc.) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MagicTuneEngine] => C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-10-29] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-07] (Samsung)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [Dropbox Update] => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50509440 2015-11-30] (Skype Technologies S.A.)
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2013-03-27]
ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2015-10-02]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{37CFC003-3BB9-426D-9F22-56D74527A2DE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C661CB05-4066-4DA2-8F45-487BA26F6DF6}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=eq3rVOmIOqaG8QeUy4CIAQ&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\padaw0d4.default
FF Homepage: hxxp://www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2393814480-1901860420-2681352935-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Video DownloadHelper - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\padaw0d4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-06]

Chrome:
=======
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-22]
CHR Extension: (Rapport) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-25]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-21]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-22]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [34168 2011-02-28] (APC)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14652768 2012-01-05] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-05] (Intel® Corporation) [File not signed]
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-20] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-02] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-11-01] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [136192 2013-04-03] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [18944 2013-04-03] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [172032 2013-04-03] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 15:20 - 2015-12-20 15:20 - 00024384 _____ C:\Users\Jonathan\Desktop\FRST.txt
2015-12-20 15:00 - 2015-12-20 15:01 - 02370048 _____ (Farbar) C:\Users\Jonathan\Desktop\FRST64.exe
2015-12-20 14:51 - 2015-12-20 14:51 - 00000282 _____ C:\Users\Jonathan\Desktop\Redirector.themobilehub.net Redirect Virus - Malware Removal Help - Malwarebytes Forum.URL
2015-12-20 13:14 - 2015-12-20 13:14 - 00000276 _____ C:\Users\Jonathan\Desktop\How to Remove Redirector.themobilehub.net Redirect Virus Anvisoft KnowledgeBase.URL
2015-12-20 12:43 - 2015-11-11 21:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-20 12:43 - 2015-11-11 20:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-20 12:43 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-20 12:43 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-20 12:43 - 2015-11-11 15:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-20 12:43 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-20 12:43 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-20 12:43 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-20 12:43 - 2015-11-11 14:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-20 12:43 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-20 12:43 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-20 12:43 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-20 12:43 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-20 12:43 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-20 12:43 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-20 12:43 - 2015-11-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-20 12:43 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-20 12:43 - 2015-11-10 00:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-20 12:43 - 2015-11-10 00:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-20 12:43 - 2015-11-10 00:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-20 12:43 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-20 12:43 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-20 12:43 - 2015-11-10 00:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-20 12:43 - 2015-11-10 00:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-20 12:43 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-20 12:43 - 2015-11-10 00:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-20 12:43 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-20 12:43 - 2015-11-10 00:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-20 12:43 - 2015-11-09 23:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-20 12:43 - 2015-11-09 23:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-20 12:43 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-20 12:43 - 2015-11-09 23:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-20 12:43 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-20 12:43 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-20 12:43 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-20 12:43 - 2015-11-09 23:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-20 12:43 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-20 12:43 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-20 12:43 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-20 12:43 - 2015-11-08 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-20 12:43 - 2015-11-08 22:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-20 12:43 - 2015-11-08 22:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-20 12:43 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-20 12:43 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-20 12:43 - 2015-11-08 22:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-20 12:43 - 2015-11-08 22:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-20 12:43 - 2015-11-08 22:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-20 12:43 - 2015-11-08 22:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-20 12:43 - 2015-11-08 22:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-20 12:43 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-20 12:43 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-20 12:43 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-20 12:43 - 2015-11-08 22:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-20 12:43 - 2015-11-08 22:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-20 12:43 - 2015-11-08 22:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-20 12:43 - 2015-11-08 21:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-20 12:43 - 2015-11-08 21:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-20 12:43 - 2015-11-08 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-20 12:43 - 2015-11-08 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-20 12:43 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-20 12:43 - 2015-11-08 21:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-20 12:43 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-20 12:43 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-20 12:43 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-20 12:43 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-20 12:43 - 2015-11-08 21:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-20 12:43 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-20 12:43 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-20 12:43 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-20 12:43 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-20 12:43 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-20 12:43 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-20 12:43 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-20 12:43 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-20 12:43 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-20 12:43 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-20 12:43 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-20 12:42 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-20 12:42 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-20 12:42 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-20 12:42 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-20 12:42 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-20 12:42 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-20 12:42 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-20 12:42 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-20 12:42 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-20 12:41 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-20 12:41 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-19 20:38 - 2015-12-19 20:38 - 00000049 _____ C:\Users\Jonathan\Desktop\New Text Document (4).txt
2015-12-19 19:47 - 2015-12-19 19:47 - 00000270 _____ C:\Users\Jonathan\Desktop\Sex site on my computer has appeared - Am I infected What do I do.URL
2015-12-19 11:06 - 2015-12-19 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-18 15:39 - 2015-12-18 15:39 - 00000284 _____ C:\Users\Jonathan\Desktop\Find answers from universal_fashion.URL
2015-12-16 16:56 - 2015-12-16 16:56 - 00000248 _____ C:\Users\Jonathan\Desktop\Star Wars The Force Awakens Tickets Film Trailer Preview Release Date.URL
2015-12-14 14:50 - 2015-12-14 14:51 - 00000350 _____ C:\Users\Jonathan\Desktop\power.txt
2015-12-11 13:17 - 2015-12-11 13:17 - 00000000 ____D C:\Users\Jonathan\Desktop\alert message
2015-12-11 13:12 - 2015-12-11 13:12 - 00000065 _____ C:\Users\Jonathan\Desktop\New Text Document (3).txt
2015-12-11 12:30 - 2015-12-11 12:30 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-07 12:25 - 2015-12-07 12:25 - 00000254 _____ C:\Users\Jonathan\Desktop\eBay.URL
2015-12-05 16:28 - 2015-12-05 16:28 - 18270432 _____ C:\Users\Jonathan\Desktop\EOS_600D_Instruction_Manual_EN.pdf
2015-12-05 16:06 - 2015-12-05 16:09 - 00000000 ____D C:\Users\Jonathan\Desktop\rotate pics
2015-12-03 16:49 - 2015-12-03 16:57 - 00000000 ____D C:\Users\Jonathan\Desktop\models
2015-12-02 18:25 - 2015-12-02 18:25 - 00000256 _____ C:\Users\Jonathan\Desktop\JD0002254308634322 Yodel.URL
2015-12-02 15:51 - 2015-12-02 15:52 - 00000016 _____ C:\Users\Jonathan\Desktop\sports.txt
2015-12-01 21:07 - 2015-12-01 21:10 - 00000310 _____ C:\Users\Jonathan\Desktop\AdWords Express.URL
2015-12-01 19:27 - 2015-12-01 19:27 - 00000267 _____ C:\Users\Jonathan\Desktop\How to rehome - Adopting a rescued animal - Rehoming & Adoption.URL
2015-12-01 19:15 - 2015-12-01 19:15 - 00000072 _____ C:\Users\Jonathan\Desktop\cat.txt
2015-12-01 14:20 - 2015-12-01 14:20 - 01886274 _____ (Anny Studio (www.annystudio.com) ) C:\Users\Jonathan\Downloads\jpegr_setup.exe
2015-12-01 13:32 - 2015-12-01 13:32 - 07194192 _____ (ObviousIdea ) C:\Users\Jonathan\Downloads\light_image_resizer4_setup.exe
2015-12-01 13:20 - 2015-12-01 13:20 - 32961680 _____ (Bits&Coffee) C:\Users\Jonathan\Downloads\batchphoto.exe
2015-12-01 12:56 - 2015-12-01 12:56 - 10187720 _____ (TSR Software ) C:\Users\Jonathan\Downloads\WatermarkImageSetup.exe
2015-12-01 12:54 - 2015-12-01 12:54 - 09149240 _____ C:\Users\Jonathan\Downloads\uMark.zip
2015-12-01 12:38 - 2015-12-01 12:39 - 09535797 _____ C:\Users\Jonathan\Downloads\TotalWatermarkPro.zip
2015-12-01 12:09 - 2015-12-01 12:09 - 14911412 _____ (High Motion Software ) C:\Users\Jonathan\Downloads\setup-imbatch-latest.exe
2015-11-30 16:03 - 2015-11-30 16:03 - 00000349 _____ C:\Users\Jonathan\Desktop\LOG IN.URL
2015-11-30 16:01 - 2015-11-30 16:01 - 00000215 _____ C:\Users\Jonathan\Desktop\Office 365.URL
2015-11-29 17:49 - 2015-12-01 20:44 - 00001456 _____ C:\Users\Jonathan\Desktop\business idea.txt
2015-11-24 20:45 - 2015-11-24 20:45 - 00000259 _____ C:\Users\Jonathan\Desktop\World War Three could be just 30 SECONDS away as Turkey shoots down Russian fighter jet - Mirror Online.URL
2015-11-24 15:58 - 2015-11-21 18:08 - 00000027 _____ C:\Users\Jonathan\Desktop\KB3035583.txt
2015-11-21 15:21 - 2015-11-21 15:21 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-21 14:28 - 2015-11-18 14:53 - 00000332 _____ C:\Users\Jonathan\Desktop\Gods of Egypt trailer reveals Gerard Butler and Nikolaj Coster-Waldau Daily Mail Online.URL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-20 15:20 - 2014-10-20 11:31 - 00000000 ____D C:\FRST
2015-12-20 15:12 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 15:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-20 15:09 - 2014-05-23 18:17 - 00000000 ____D C:\Users\Jonathan\Documents\Reflect
2015-12-20 15:09 - 2013-03-27 13:47 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Skype
2015-12-20 15:08 - 2014-02-05 18:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 15:05 - 2013-03-27 17:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-20 14:28 - 2015-06-16 08:18 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA.job
2015-12-20 14:28 - 2014-09-26 15:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-20 12:58 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-20 12:58 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-20 12:54 - 2013-03-28 10:01 - 08425472 _____ C:\Users\Jonathan\Documents\My Money.mny
2015-12-20 12:53 - 2014-04-29 18:04 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Dropbox
2015-12-20 12:53 - 2014-02-05 18:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-20 12:52 - 2013-04-09 10:36 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-20 12:52 - 2013-03-25 07:25 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-20 12:52 - 2012-10-09 18:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-20 12:52 - 2012-10-09 18:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-20 12:52 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-20 12:52 - 2009-07-14 04:45 - 00346616 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-20 12:51 - 2013-03-27 15:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-20 12:50 - 2012-10-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-20 12:49 - 2013-08-15 19:30 - 00000000 ____D C:\Windows\system32\MRT
2015-12-20 12:45 - 2012-10-09 12:17 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-20 12:23 - 2013-03-25 07:25 - 00000000 ____D C:\Users\UpdatusUser
2015-12-20 12:22 - 2013-03-27 12:57 - 00000000 ____D C:\Users\Jonathan
2015-12-19 19:33 - 2013-03-27 15:39 - 00000000 ____D C:\Users\Jonathan\Desktop\dece2012
2015-12-19 13:35 - 2013-10-26 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-14 12:15 - 2013-03-27 14:12 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-12-12 10:28 - 2015-06-16 08:18 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core.job
2015-12-09 13:05 - 2013-03-27 17:14 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 13:05 - 2013-03-27 17:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 13:05 - 2013-03-27 17:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 03:39 - 2010-11-21 03:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-05 12:03 - 2014-02-05 18:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 12:03 - 2014-02-05 18:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 11:40 - 2013-04-14 09:35 - 00000000 ____D C:\Users\Jonathan\dwhelper
2015-12-05 11:37 - 2013-03-27 13:47 - 00000000 ____D C:\ProgramData\Skype
2015-12-02 15:31 - 2014-09-26 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-12-01 19:04 - 2015-05-02 11:30 - 00297984 ___SH C:\Users\Jonathan\Desktop\Thumbs.db
2015-11-27 18:16 - 2015-11-03 14:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 16:27 - 2015-06-10 13:31 - 00141304 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2015-11-24 16:27 - 2014-09-26 22:12 - 00396152 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-11-21 15:21 - 2014-09-26 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-21 15:21 - 2014-09-26 15:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-21 14:31 - 2014-06-07 13:49 - 00061972 _____ C:\Windows\Macrium Reflect Patch Log.txt

==================== Files in the root of some directories =======

2013-12-19 17:56 - 2014-01-28 09:56 - 0000119 _____ () C:\Users\Jonathan\AppData\Roaming\WB.CFG
2013-12-11 17:33 - 2015-07-25 19:00 - 0005120 _____ () C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-25 18:30 - 2013-10-25 18:30 - 0007600 _____ () C:\Users\Jonathan\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Jonathan\en_res.dll
C:\Users\Jonathan\es_res.dll
C:\Users\Jonathan\fr_res.dll
C:\Users\Jonathan\grm_res.dll
C:\Users\Jonathan\it_res.dll
C:\Users\Jonathan\jp_res.dll
C:\Users\Jonathan\mfc80u.dll
C:\Users\Jonathan\msvcr80.dll
C:\Users\Jonathan\PCPE Setup.exe
C:\Users\Jonathan\pt_res.dll
C:\Users\Jonathan\ResourceReader.dll
C:\Users\Jonathan\ru_res.dll
C:\Users\Jonathan\zh_res.dll


Some files in TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwcbsec.dll
C:\Users\Jonathan\AppData\Local\Temp\reflectPatch.exe
C:\Users\Jonathan\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 18:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-12-2015
Ran by Jonathan (2015-12-20 15:20:48)
Running from C:\Users\Jonathan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-27 12:57:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2393814480-1901860420-2681352935-500 - Administrator - Disabled)
Guest (S-1-5-21-2393814480-1901860420-2681352935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2393814480-1901860420-2681352935-1004 - Limited - Enabled)
Jonathan (S-1-5-21-2393814480-1901860420-2681352935-1002 - Administrator - Enabled) => C:\Users\Jonathan
UpdatusUser (S-1-5-21-2393814480-1901860420-2681352935-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - )
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version:  - )
Canon MG6200 series On-screen Manual (HKLM-x32\...\Canon MG6200 series On-screen Manual) (Version:  - )
Canon MG6200 series User Registration (HKLM-x32\...\Canon MG6200 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
eSupport UndeletePlus 3.0.4.513 (HKLM-x32\...\eSupport UndeletePlus_is1) (Version:  - Copyright © 2011 eSupport.com • All Rights Reserved)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Color LaserJet Pro MFP M277 (HKLM-x32\...\{7ac49734-541c-48e7-99be-02f41e43e79d}) (Version: 14.0.14309.409 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProM277 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.32 - HP) Hidden
HPLJUTCore (x32 Version: 014.000.0001 - HP) Hidden
HPLJUTM277 (x32 Version: 014.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM277LaserJetService (x32 Version: 001.034.00686 - Hewlett-Packard) Hidden
HPScanPlugin (HKLM-x32\...\{0D118BA9-4706-49DE-8E2F-1A12317EDBF6}) (Version: 28.11.0.0 - Hewlett-Packard Co.)
hpStatusAlerts (x32 Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM277 (x32 Version: 140.046.00129 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{F20A04CF-5BE6-404A-9295-D59046238245}) (Version: 12.3.6.6 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
LJDXPHelperUI (x32 Version: 140.069.007 - HP) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.871 - Paramount Software (UK) Ltd.) Hidden
MagicTunePremium (HKLM-x32\...\{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}) (Version: 4.0.07 - Samsung Electronics Ltd.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Money (HKLM-x32\...\{01A2E33A-8ADA-42D1-9173-8F65149E952F}) (Version: 11.0.100 - Microsoft)
Microsoft Money System Pack (HKLM-x32\...\{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}) (Version: 11.0.120 - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 9.0.1.608 - American Power Conversion)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rapport (x32 Version: 3.5.1507.99 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
TP-LINK 300Mbps Wireless USB Adapter Driver (HKLM-x32\...\{67A2AE56-F0CA-48AB-B511-F142C612BDF6}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.99 - Trusteer)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
CustomCLSID: HKU\S-1-5-21-2393814480-1901860420-2681352935-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EFAA443-DD9B-4401-9746-A3AA582D8DB0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {14FF0BB7-173F-4581-921A-79A7A697D938} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4AE39DD9-21DB-4461-ACBF-63EB96C83FE8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {53329619-2F2F-476B-97E9-AC7FC33EFAFE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {5C7F54FB-F225-4112-8E55-0B552A3B320A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {5C9802AC-CC3F-4459-8C2E-26072D868BC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {70100AB3-F4CC-4B11-A285-48C73A3231D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {728DA556-CF36-48EF-9751-9D4EE547C647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {894B2348-5AE7-4E6E-AF10-8E0F3EDB9689} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {8F2E7692-DAB2-4FEA-BDB4-D06A53AE8C8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {BFB19088-F8CB-4C4C-B4BC-4BD5BBD9DB88} - System32\Tasks\{E8E50606-BC56-461E-966B-7DF8E6B7D9BA} => pcalua.exe -a C:\Users\Jonathan\Downloads\wlsetup-web.exe -d C:\Users\Jonathan\Downloads
Task: {C73514CF-B2F3-482D-A43B-0DB2AA281C69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D5B0F1C1-CEF0-4107-BC5D-FFEC870D6B71} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-10-19] (Hewlett Packard)
Task: {FBB51D4E-8E66-43A0-9C7E-3167DCA98A4F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002Core.job => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2393814480-1901860420-2681352935-1002UA.job => C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-03-27 14:12 - 2011-02-07 07:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-12-26 11:24 - 2013-12-26 11:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-25 07:25 - 2013-02-10 01:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-22 19:04 - 2013-05-22 19:04 - 00400704 _____ () C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-03-27 13:40 - 2009-10-05 13:06 - 00036864 _____ () C:\Program Files\MagicTune Premium\GammaTray.exe
2013-03-27 13:40 - 2010-10-29 11:27 - 00067584 _____ () C:\Program Files\MagicTune Premium\VESADll.dll
2013-03-27 13:40 - 2010-10-29 11:27 - 00068096 _____ () C:\Program Files\MagicTune Premium\IPROFILE.dll
2013-03-27 13:40 - 2010-10-29 11:27 - 00056832 _____ () C:\Program Files\MagicTune Premium\DPROFILE.dll
2013-03-27 13:40 - 2010-10-29 11:27 - 00058880 _____ () C:\Program Files\MagicTune Premium\EPROFILE.dll
2013-03-27 13:40 - 2010-10-29 11:27 - 00050176 _____ () C:\Program Files\MagicTune Premium\DEVICEINTERFACE.dll
2013-03-27 13:40 - 2010-10-29 11:27 - 00023552 _____ () C:\Program Files\MagicTune Premium\Highlight.dll
2013-03-27 13:40 - 2010-10-29 11:29 - 00026624 _____ () C:\Program Files\MagicTune Premium\HzZone.dll
2013-03-27 13:40 - 2010-10-29 11:29 - 00052736 _____ () C:\Program Files\MagicTune Premium\MTResEng.dll
2014-12-18 10:32 - 2005-01-05 17:13 - 00027648 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\win32com.dll
2014-12-18 10:32 - 2011-02-28 13:18 - 00032768 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\ApcUsb_ul.dll
2013-03-25 13:23 - 2015-11-10 19:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 10:02 - 2015-07-03 16:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 10:02 - 2015-07-03 16:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 10:02 - 2015-07-03 16:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 13:42 - 2015-12-14 20:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 08:49 - 2015-09-24 00:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 08:49 - 2015-09-24 00:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 08:49 - 2015-09-24 00:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 08:49 - 2015-09-24 00:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 08:49 - 2015-09-24 00:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-08-15 19:40 - 2015-12-14 20:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 07:59 - 2015-11-03 22:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-12-11 12:30 - 2015-10-31 00:59 - 00034768 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00022848 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00023352 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00042296 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 12:30 - 2015-10-31 00:59 - 00116688 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 12:30 - 2015-10-31 00:59 - 00093640 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 12:30 - 2015-10-31 00:59 - 00018376 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00019760 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00105928 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 12:30 - 2015-10-31 00:59 - 00392144 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 12:30 - 2015-12-08 21:36 - 00381752 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 12:30 - 2015-10-31 00:59 - 00692688 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00020816 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00109520 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 01737032 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00020808 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00020800 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00021840 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00038696 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00024528 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00020936 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00114640 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00021320 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00124880 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00030160 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00043472 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00175560 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00028616 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00048592 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00024392 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00036296 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 12:30 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00117056 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00023376 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:30 - 2015-10-31 00:59 - 00134608 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 12:30 - 2015-10-31 00:59 - 00134088 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00240584 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00020280 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00052024 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00021304 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00350152 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00084792 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 12:30 - 2015-12-08 21:36 - 01826608 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 12:30 - 2015-10-31 01:00 - 00083912 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 03891504 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 01950000 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00519984 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00133936 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00225080 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00207672 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00024904 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00486704 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 12:30 - 2015-12-08 21:36 - 00357680 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 21:45 - 2015-10-31 01:01 - 00019920 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 21:45 - 2015-10-31 01:00 - 00786904 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-08 09:11 - 2015-10-31 01:00 - 00063448 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 21:45 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-08-15 19:40 - 2015-11-17 00:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-16 16:40 - 2014-10-16 16:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-10-09 17:43 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-10-09 17:42 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2393814480-1901860420-2681352935-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EADM => "e:\Program Files (x86)\Origin\Origin.exe" -AutoStart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5591A086-2B7A-4ACE-B397-5DC14BD19E7A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7E911025-C56C-4933-B8D9-EC596B4CB720}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{8AF8C205-76F7-4421-A2A0-FE91E725654B}C:\program files\magictune premium\magictune.exe] => (Allow) C:\program files\magictune premium\magictune.exe
FirewallRules: [UDP Query User{3E99F489-948C-4480-87A1-B5830BD33B9B}C:\program files\magictune premium\magictune.exe] => (Allow) C:\program files\magictune premium\magictune.exe
FirewallRules: [{E6FF469E-2360-4C12-9B63-7DD16D4FD8CA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{A6C14FED-EC1A-464A-ACFA-4473B19EC23D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{93B34B40-8AC5-4DB4-B466-64A2A058F76D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{70155640-06A9-4E08-A236-8FC2560E5015}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{D9E9811D-018C-46D3-ABA7-B6C6539FE5AE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{39AF3744-BFF6-4E15-88D9-03537F7F71D2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{7D967BC6-559C-41D0-8B34-054FDF5BBA38}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{CB66D671-CCAA-4DF0-988F-E63CA2006D71}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{C50472A4-DCCD-4CDA-B13C-A02D7F85067C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{257A9890-2643-4F34-9E4E-47A96CC198D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{97F8B26B-50AC-43F0-BF4F-716D1BECB18E}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [UDP Query User{43F56D0C-E775-4A92-BC63-50A07028B64E}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [TCP Query User{C90D98AC-D633-40C8-BCE1-ED468A05FC42}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [UDP Query User{BBB3375C-A232-4AE5-9159-DB69CC837EEE}D:\easysetupassistant\wr841n\easysetupassistant.exe] => (Allow) D:\easysetupassistant\wr841n\easysetupassistant.exe
FirewallRules: [TCP Query User{EE1FB5A7-AD65-4651-910A-522D21A5FCF3}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [UDP Query User{895D5832-0CF2-4C1A-BB58-97B925081CEF}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [{667CB375-12DD-4BC3-9093-73F54BBE89A4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4305EEB1-8206-4719-BB0B-571E993460A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{2433D013-B359-4E19-B0EC-31A4E8E13CDE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{02D4560A-D288-4BA7-BEED-ABFE3FF4AE1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{81CB44AD-06A0-4E66-B49A-5C0E48FC4154}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{2C5FA7D5-E080-4114-B22F-DF2232B07B0C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{0EBA328C-7F16-4A05-ADA0-CC42B68F821E}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{C30270D7-A870-4660-B0DB-B6935D6D4DEF}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{8B86C6CE-1070-4F4E-A545-23AD1B863E98}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{E2BA4B70-CBCC-4387-B19C-E3917B7ADBB5}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{2785389D-71EE-43DB-821C-87AED412E516}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{F5FE58A0-C6C3-4AF2-AA1E-2E395A5A6167}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{4AF21E66-8F6F-4D32-A480-E1FA656C011C}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{D1F03316-A905-483B-BF26-16870CDFE443}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{E4ACA84E-789E-4F60-AB3A-5ED51046D42A}] => (Allow) E:\steam2\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{AF59FD2C-F730-4BD6-A1F7-2456DA99E22C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1B70DBD6-D47C-496D-8A96-4E386A2C75DD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AAA7612E-E788-493B-9F1C-FCD1E20C4987}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4225C9B2-022D-4AB2-9F93-33B3D6CEF14C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7A3FAEF7-7A10-4693-82C9-6202C2354531}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{77516DAC-B598-4B92-ACDE-FED71BABA634}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{DEAC8DF2-7171-4C91-A077-FAE2FDF16D50}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{FAE1A024-0D5C-4EA0-BF28-0D2FAE74074D}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A39EBC06-4742-400A-9B2E-8ABBC0AAAED7}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe
FirewallRules: [{CB88DA6D-29EF-45D5-AF9D-11FCA68D0049}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe
FirewallRules: [{8ED1B84A-B8AC-418D-AC99-B1F225D1593C}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{DF144665-EB6E-4B4C-A75B-8010F2977BE7}] => (Allow) E:\steam2\SteamApps\common\Command and Conquer 3 Tiberium Wars\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{85797BF0-711A-4B8D-8A95-59D952066DF3}] => (Allow) E:\steam2\steamapps\common\Command and Conquer 3 Tiberium Wars\RetailExe\1.9\cnc3game.dat
FirewallRules: [{B25D71BE-B30D-48DE-8184-D4664AD17B00}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{6EF63AA7-3119-475B-8BF3-FA4BA8220777}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{985B5725-F014-4110-A65E-B5F6A65016C1}] => (Allow) E:\steam2\SteamApps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{F0AEB5BB-C7FF-452F-9E6B-F48A2E5FB0C1}] => (Allow) E:\steam2\SteamApps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{79A6DB5C-3FC3-4D17-BC72-3C40C1DA1E09}] => (Allow) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AA7330E2-A1E2-4D11-AAD9-F459D5EE11CD}] => (Allow) C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{89D50B79-2546-4231-A747-374206BC60A9}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{CB923FF4-2808-4E68-BF6E-685570C17CC7}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{C87D7DC3-D89E-4FE6-B381-B5FEC79498C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3E3ACCBC-E7DC-4178-A895-82265A9A28AB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{613EA18D-EBB0-42EC-83B6-694B0F7640A1}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{5F0EF784-68FF-470D-B086-A815A14FE8B3}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{45FDFF93-0D0D-4B61-9E41-5CCD368FF4AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2CFBB518-9183-4470-AB19-3DDFA8B04294}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{C9AD95AE-176E-4BCC-9B56-BC68370CD0AE}C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2641EBBF-2709-4124-AC21-0475F7824D7C}C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jonathan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{02DC3CA5-E3ED-430B-9B4C-DFC312AC6063}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{CE219332-5AED-4CA7-977C-B12E6DC43CFB}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{43F7CD6D-BE9C-42A5-829F-6937F71D41E2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{24840B55-0836-47B9-AAA0-0783C0483859}] => (Allow) LPort=2869
FirewallRules: [{A04EAF54-0771-4B27-AFF9-2B8BDC978D32}] => (Allow) LPort=1900
FirewallRules: [{8AF08295-5172-410B-B349-4796F3610B8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96DB532D-9D25-4CAC-B154-311AA12A0309}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B08B40C4-EEE4-45B6-B606-6D273CA8EDBD}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{4B02646A-50CF-4DD1-8F80-75A2AB90B5EB}] => (Allow) E:\steam2\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [TCP Query User{26F4FFFC-2088-409A-A7D7-2BBC25436D21}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6088CD5E-0304-4E12-B02A-39515D367C76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C6D119EC-67DC-4734-A45D-7B89748A4CFA}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\7ac49734-541c-48e7-99be-02f41e43e79d\Installer\hpbcsiInstaller.exe
FirewallRules: [{0073ACE2-C7E3-4076-B6DE-A729EA904794}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\7ac49734-541c-48e7-99be-02f41e43e79d\Installer\hpbcsiInstaller.exe
FirewallRules: [{7DD50AB4-E28B-41A5-B55C-6716196FD6AE}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\SendAFax.exe
FirewallRules: [{05B72D74-5EA2-4593-8756-9E969C7CD9B1}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\bin\FaxPrinterUtility.exe
FirewallRules: [{110642D5-F69E-43DA-936A-6026D59A9B96}] => (Allow) C:\Program Files\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B0F31133-C98A-4234-A97E-384665790AFD}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DE97569F-FFD7-4005-BC5C-2D5A57F10424}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\DigitalWizards.exe
FirewallRules: [{4D38C9B9-52E2-4E50-8EB9-899675C6D4EF}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\FaxApplications.exe
FirewallRules: [{7FC241C8-F950-4826-9D43-4AB6B8F69D50}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro MFP M277\bin\EWSProxy.exe
FirewallRules: [{B61CA8EE-C64C-40B0-B16B-7E31EFFD2E06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D0343D4-E298-4319-8786-F920C6DFA9D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45098CD2-020E-4C0D-A609-8D976AB0A1D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2015 12:54:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2015 12:53:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:53:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:52:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:52:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2015 12:32:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:32:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:32:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/20/2015 12:32:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/20/2015 12:52:26 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Error: (12/20/2015 12:52:24 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Error: (12/20/2015 12:51:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.247.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/20/2015 12:51:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.247.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/20/2015 12:23:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/20/2015 12:23:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/17/2015 12:08:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/17/2015 12:08:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/17/2015 11:44:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/17/2015 11:44:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


==================== Memory info ===========================

Processor: Intel® Core i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8141.91 MB
Available physical RAM: 5416.76 MB
Total Virtual: 16282.02 MB
Available Virtual: 13425.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:36.74 GB) NTFS
Drive e: () (Fixed) (Total:1863.01 GB) (Free:1655.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F50D7583)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 53412077)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
