amiller73

Original problem of real time web protection would not turn on. Used Malwarebytes tool for clean uninstall. Downloaded and activated latest version of Malwarebytes. Now Malwarebytes will not update. Dashboard states updates are not current however all efforts to update do nothing. Any advice on how to fix is appreciated.

So sorry...I did run Sophos Av and it came up clean, so no log.

Fixlog attached and Zemana and AWDcleaner log pasted below. Performance so far so good. Thanks Zemana AntiMalware 2.21.2.94 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/6/29 Operating System : Windows 10 64-bit Processor : 4X Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz BIOS Mode : Legacy CUID : 1240EF61BC8EEB8200D89F Scan Type : Deep Scan Duration : 23m 26s Scanned Objects : 362019 Detected Objects : 2 Excluded Objects : 0 Read Level : SCSI Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- stflt.sys Status : Scanned Object : %systemroot%\system32\drivers\stflt.sys MD5 : B9657A0AFF28C1CB114ACC0CB93EE4BB Publisher : Crawler, LLC Size : 51496 Version : 4.0.1.1 Detection : Win32/Browser.Hijacker.Crawler!Ep Cleaning Action : Quarantine Related Objects : File - %systemroot%\system32\drivers\stflt.sys unins000.exe Status : Scanned Object : %programfiles%\rid spyware\unins000.exe MD5 : 3CBA922F0EF27888AFFF95530403DCB2 Publisher : Crawler, LLC Size : 1287032 Version : 51.51.0.0 Detection : Win32/Browser.Hijacker.Crawler!Ep Cleaning Action : Quarantine Related Objects : File - %programfiles%\rid spyware\unins000.exe Cleaning Result ------------------------------------------------------- Cleaned : 2 Reported as safe : 0 Failed : 0 AdwCleaner v5.200 - Logfile created 29/06/2016 at 19:09:16 # Updated 14/06/2016 by ToolsLib # Database : 2016-06-29.1 [Server] # Operating system : Windows 10 Home (X64) # Username : Alison - ALISONHP # Running from : C:\Users\Alison\Desktop\AdwCleaner.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Users\Public\Documents\iWin [-] Folder Deleted : C:\Program Files (x86)\Rid Spyware [-] Folder Deleted : C:\Users\Alison_2\AppData\Local\VirtualStore\Program Files (x86)\Movies Toolbar [#] Folder Deleted : C:\Users\Alison_2\AppData\Local\VirtualStore\Program Files (x86)\movies toolbar ***** [ Files ] ***** [-] File Deleted : C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.searchnu.com_0.localstorage [-] File Deleted : C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.searchnu.com_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ***** [ Web browsers ] ***** [-] [C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com [-] [C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com [-] [C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search-results.com [-] [C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com [-] [C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com [-] [C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [2763 bytes] - [29/06/2016 19:09:16] C:\AdwCleaner\AdwCleaner[S1].txt - [2700 bytes] - [29/06/2016 19:06:57] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2909 bytes] ########## Fixlog.txt

So sorry, I am not seeing the attachment with fixlist.txt for step one. Is it possible it is not attached....or maybe I am just blind ( ;

Thanks for the reply. Attached are the files hopefully as requested. Rkill.txt mbamlog.txt FRST.txt Addition.txt

Referred by Firefox from another section of the forum for likely infection. Have followed directions for MBAM clean, to fully remove and install Malwarebytes. Attached are FRST.txt and Addition.txt. Both ran not as administrator. Do I need to run them again as the administrator? Thanks Firefox for sending me in the right direction. Addition.txt FRST.txt

Messages only popup when I login as administrator. As far as a good cleanup...the link provided relates to a malware infection. Should I still do this even if I don't know that I have a malware issue Thanks

Hopefully I have done this correctly. can result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02 Ran by Alison_2 (ATTENTION: The user is not administrator) on ALISONHP (27-06-2016 07:00:53) Running from C:\Users\Alison_2\Downloads Loaded Profiles: Alison & Alison_2 (Available Profiles: Alison & Alison_2 & Jackson & DefaultAppPool) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> TrueSuiteService.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> svchost.exe Failed to access process -> HPDrvMntSvc.exe Failed to access process -> svchost.exe Failed to access process -> HPSupportSolutionsFrameworkService.exe Failed to access process -> jhi_service.exe Failed to access process -> n360.exe Failed to access process -> svchost.exe Failed to access process -> mqsvc.exe Failed to access process -> pdfsvc.exe Failed to access process -> HPClientServices.exe Failed to access process -> mDNSResponder.exe Failed to access process -> dasHost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> FitbitConnectService.exe Failed to access process -> SMSvcHost.exe Failed to access process -> SMSvcHost.exe Failed to access process -> mbamservice.exe Failed to access process -> SearchIndexer.exe Failed to access process -> mbamscheduler.exe Failed to access process -> esrv_svc.exe Failed to access process -> HPSA_Service.exe Failed to access process -> LMS.exe Failed to access process -> UNS.exe Failed to access process -> svchost.exe Failed to access process -> iPodService.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> dwm.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe () C:\Users\Alison_2\AppData\Local\Amazon Music\Amazon Music Helper.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Google Inc.) C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe Failed to access process -> SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe Failed to access process -> fontdrvhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe Failed to access process -> rundll32.exe Failed to access process -> VSSVC.exe Failed to access process -> svchost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Failed to access process -> OSPPSVC.EXE (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> svchost.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> dwm.exe Failed to access process -> sihost.exe Failed to access process -> mbam.exe Failed to access process -> taskhostw.exe Failed to access process -> RuntimeBroker.exe Failed to access process -> explorer.exe Failed to access process -> unsecapp.exe Failed to access process -> ShellExperienceHost.exe Failed to access process -> SearchUI.exe Failed to access process -> n360.exe Failed to access process -> hkcmd.exe Failed to access process -> igfxpers.exe Failed to access process -> OneDrive.exe Failed to access process -> hpwuschd2.exe Failed to access process -> jusched.exe Failed to access process -> esrv.exe Failed to access process -> conhost.exe Failed to access process -> svchost.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> ApplicationFrameHost.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> svchost.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> Fitbit Connect.exe Failed to access process -> ApplePhotoStreams.exe Failed to access process -> APSDaemon.exe Failed to access process -> iCloudServices.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [Amazon Music] => C:\Users\Alison_2\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-20] () HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.) HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [Google Update] => C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc.) HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation) Startup: C:\Users\Alison_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-09-01] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{e6a63496-cdb4-47f3-ace8-c1f620148c62}: [NameServer] 75.75.75.75,75.75.76.76 Internet Explorer: ================== HKU\S-1-5-21-4210471962-3087493860-930690135-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP URLSearchHook: [S-1-5-21-4210471962-3087493860-930690135-1000] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-4210471962-3087493860-930690135-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-20] (Oracle Corporation) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll [2014-09-22] (WhiteSky) BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-20] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-4210471962-3087493860-930690135-1003 -> hxxp://my.xfinity.com/ FireFox: ======== FF ProfilePath: C:\Users\Alison_2\AppData\Roaming\Mozilla\Firefox\Profiles\l9bh9g3r.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-20] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-01-24] (Nexon) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-21] () FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @nsroblox.roblox.com/launcher -> C:\Users\Alison_2\AppData\Local\Roblox\Versions\version-e1544481252d4990\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @nsroblox.roblox.com/launcher64 -> C:\Users\Alison_2\AppData\Local\Roblox\Versions\version-e1544481252d4990\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alison_2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @talk.google.com/O1DPlugin -> C:\Users\Alison_2\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Alison_2\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Alison_2\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alison_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Users\Alison_2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Alison_2\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-06-20] FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-04-25] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon Chrome: ======= CHR Profile: C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-21] CHR Extension: (Star Wars VII: Kylo Ren's Saber) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\agihmbgondgffhpjdhldopeigmpldbid [2016-01-21] CHR Extension: (Google Docs) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-21] CHR Extension: (Google Drive) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21] CHR Extension: (YouTube) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21] CHR Extension: (Norton Security Toolbar) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-21] CHR Extension: (Google Search) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21] CHR Extension: (Website Logon) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2015-06-12] CHR Extension: (Google Sheets) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-21] CHR Extension: (Google Docs Offline) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-21] CHR Extension: (Norton Identity Safe) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-21] CHR Extension: (Gmail) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-20] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-20] CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22] CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-03] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] () R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) R3 lmhosts; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation) R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\N360.exe [289080 2016-06-16] (Symantec Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation) R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation) R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc) S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] () S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160621.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160624.001\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-27] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-12] () R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] () R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 idsvc; no ImagePath S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160620.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160620.002\EX64.SYS [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-27 07:00 - 2016-06-27 07:01 - 00029982 _____ C:\Users\Alison_2\Downloads\FRST.txt 2016-06-27 06:49 - 2016-06-27 07:00 - 00000000 ____D C:\FRST 2016-06-27 06:48 - 2016-06-27 06:48 - 02389504 _____ (Farbar) C:\Users\Alison_2\Downloads\FRST64.exe 2016-06-26 10:13 - 2016-06-26 10:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1F356559.sys 2016-06-26 09:01 - 2016-06-26 09:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\06492DD8.sys 2016-06-25 22:50 - 2016-06-27 07:01 - 00000000 ____D C:\Program Files (x86)\Steam 2016-06-25 22:50 - 2016-06-25 22:50 - 01380712 _____ C:\Users\Alison_2\Downloads\SteamSetup (2).exe 2016-06-25 22:50 - 2016-06-25 22:50 - 00001034 _____ C:\Users\Public\Desktop\Steam.lnk 2016-06-25 22:50 - 2016-06-25 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-06-25 22:16 - 2016-06-25 22:16 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-06-25 22:16 - 2016-06-25 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-06-25 22:16 - 2016-06-25 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-06-25 22:16 - 2016-06-25 22:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-06-25 22:16 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-06-25 22:16 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-06-25 22:16 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-06-25 21:36 - 2016-06-25 21:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\18FD21C9.sys 2016-06-25 21:35 - 2016-06-25 21:35 - 01380712 _____ C:\Users\Alison_2\Downloads\SteamSetup (1).exe 2016-06-25 21:29 - 2016-06-25 21:29 - 01380712 _____ C:\Users\Alison_2\Downloads\SteamSetup.exe 2016-06-20 17:37 - 2016-06-20 17:38 - 00780354 _____ C:\Users\Alison_2\Downloads\PTC News Jun 17, 2016.pdf 2016-06-20 11:09 - 2016-06-20 11:09 - 00002415 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-06-15 04:22 - 2016-05-27 21:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-06-15 04:22 - 2016-05-27 21:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-06-15 04:22 - 2016-05-27 21:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-06-15 04:22 - 2016-05-27 21:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-06-15 04:22 - 2016-05-27 21:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-06-15 04:22 - 2016-05-27 21:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-06-15 04:22 - 2016-05-27 21:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-06-15 04:22 - 2016-05-27 21:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-06-15 04:22 - 2016-05-27 21:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-06-15 04:22 - 2016-05-27 21:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-06-15 04:22 - 2016-05-27 21:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-06-15 04:22 - 2016-05-27 21:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-06-15 04:22 - 2016-05-27 21:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-06-15 04:22 - 2016-05-27 21:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-06-15 04:22 - 2016-05-27 21:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-06-15 04:22 - 2016-05-27 21:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-06-15 04:22 - 2016-05-27 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-06-15 04:22 - 2016-05-27 21:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-06-15 04:22 - 2016-05-27 21:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-06-15 04:22 - 2016-05-27 21:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-06-15 04:22 - 2016-05-27 21:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-06-15 04:22 - 2016-05-27 21:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-06-15 04:22 - 2016-05-27 21:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-06-15 04:22 - 2016-05-27 21:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-06-15 04:22 - 2016-05-27 21:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-06-15 04:22 - 2016-05-27 21:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-06-15 04:22 - 2016-05-27 20:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-06-15 04:21 - 2016-05-27 23:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-06-15 04:21 - 2016-05-27 23:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-06-15 04:21 - 2016-05-27 23:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-06-15 04:21 - 2016-05-27 22:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2016-06-15 04:21 - 2016-05-27 22:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-06-15 04:21 - 2016-05-27 22:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-06-15 04:21 - 2016-05-27 22:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-06-15 04:21 - 2016-05-27 22:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-06-15 04:21 - 2016-05-27 22:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-06-15 04:21 - 2016-05-27 22:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-06-15 04:21 - 2016-05-27 22:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-06-15 04:21 - 2016-05-27 22:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-06-15 04:21 - 2016-05-27 21:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-06-15 04:21 - 2016-05-27 21:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-06-15 04:21 - 2016-05-27 21:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-06-15 04:21 - 2016-05-27 21:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-06-15 04:21 - 2016-05-27 21:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-06-15 04:21 - 2016-05-27 21:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-06-15 04:21 - 2016-05-27 21:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-06-15 04:21 - 2016-05-27 21:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-06-15 04:21 - 2016-05-27 21:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-06-15 04:21 - 2016-05-27 21:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe 2016-06-15 04:21 - 2016-05-27 21:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-06-15 04:21 - 2016-05-27 21:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys 2016-06-15 04:21 - 2016-05-27 21:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe 2016-06-15 04:21 - 2016-05-27 21:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-06-15 04:21 - 2016-05-27 21:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2016-06-15 04:21 - 2016-05-27 21:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-06-15 04:21 - 2016-05-27 21:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-06-15 04:21 - 2016-05-27 21:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-06-15 04:21 - 2016-05-27 21:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-06-15 04:21 - 2016-05-27 21:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2016-06-15 04:21 - 2016-05-27 21:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-06-15 04:21 - 2016-05-27 21:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-06-15 04:21 - 2016-05-27 21:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2016-06-15 04:21 - 2016-05-27 21:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-06-15 04:21 - 2016-05-27 21:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2016-06-15 04:21 - 2016-05-27 21:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-06-15 04:21 - 2016-05-27 21:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2016-06-15 04:21 - 2016-05-27 21:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-06-15 04:21 - 2016-05-27 21:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2016-06-15 04:21 - 2016-05-27 21:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-06-15 04:21 - 2016-05-27 21:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll 2016-06-15 04:21 - 2016-05-27 21:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-06-15 04:21 - 2016-05-27 21:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-06-15 04:21 - 2016-05-27 21:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-06-15 04:21 - 2016-05-27 21:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-06-15 04:21 - 2016-05-27 21:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-06-15 04:21 - 2016-05-27 21:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-06-15 04:21 - 2016-05-27 21:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2016-06-15 04:21 - 2016-05-27 21:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll 2016-06-15 04:21 - 2016-05-27 21:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-06-15 04:21 - 2016-05-27 21:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-06-15 04:21 - 2016-05-27 21:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-06-15 04:21 - 2016-05-27 21:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-06-15 04:21 - 2016-05-27 21:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-06-15 04:21 - 2016-05-27 21:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2016-06-15 04:21 - 2016-05-27 21:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-06-15 04:21 - 2016-05-27 21:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-06-15 04:21 - 2016-05-27 21:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-06-15 04:21 - 2016-05-27 21:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-06-15 04:21 - 2016-05-27 21:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-06-15 04:21 - 2016-05-27 21:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-06-15 04:21 - 2016-05-27 21:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-06-15 04:21 - 2016-05-27 21:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll 2016-06-15 04:21 - 2016-05-27 21:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-06-15 04:21 - 2016-05-27 21:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-06-15 04:21 - 2016-05-27 21:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2016-06-15 04:21 - 2016-05-27 21:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-06-15 04:21 - 2016-05-27 21:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-06-15 04:21 - 2016-05-27 21:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-06-15 04:21 - 2016-05-27 21:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-06-15 04:21 - 2016-05-27 21:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-06-15 04:21 - 2016-05-27 21:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-06-15 04:21 - 2016-05-27 21:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-06-15 04:21 - 2016-05-27 20:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-06-15 04:21 - 2016-05-27 20:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-06-15 04:21 - 2016-05-27 20:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-06-15 04:21 - 2016-05-27 20:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-06-15 04:20 - 2016-05-27 23:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-06-15 04:20 - 2016-05-27 23:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-06-15 04:20 - 2016-05-27 23:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-06-15 04:20 - 2016-05-27 22:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll 2016-06-15 04:20 - 2016-05-27 22:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll 2016-06-15 04:20 - 2016-05-27 22:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2016-06-15 04:20 - 2016-05-27 22:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2016-06-15 04:20 - 2016-05-27 22:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2016-06-15 04:20 - 2016-05-27 22:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-06-15 04:20 - 2016-05-27 22:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll 2016-06-15 04:20 - 2016-05-27 22:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll 2016-06-15 04:20 - 2016-05-27 22:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-06-15 04:20 - 2016-05-27 22:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-06-15 04:20 - 2016-05-27 22:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2016-06-15 04:20 - 2016-05-27 22:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-06-15 04:20 - 2016-05-27 22:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys 2016-06-15 04:20 - 2016-05-27 22:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-06-15 04:20 - 2016-05-27 22:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-06-15 04:20 - 2016-05-27 22:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-06-15 04:20 - 2016-05-27 22:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-06-15 04:20 - 2016-05-27 22:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-06-15 04:20 - 2016-05-27 22:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2016-06-15 04:20 - 2016-05-27 22:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-06-15 04:20 - 2016-05-27 22:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-06-15 04:20 - 2016-05-27 22:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-06-15 04:20 - 2016-05-27 22:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2016-06-15 04:20 - 2016-05-27 22:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2016-06-15 04:20 - 2016-05-27 22:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-06-15 04:20 - 2016-05-27 22:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll 2016-06-15 04:20 - 2016-05-27 22:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll 2016-06-15 04:20 - 2016-05-27 22:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll 2016-06-15 04:20 - 2016-05-27 21:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-06-15 04:20 - 2016-05-27 21:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-06-15 04:20 - 2016-05-27 21:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2016-06-15 04:20 - 2016-05-27 21:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll 2016-06-15 04:20 - 2016-05-27 21:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-06-15 04:20 - 2016-05-27 21:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll 2016-06-15 04:20 - 2016-05-27 21:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-06-15 04:20 - 2016-05-27 21:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2016-06-15 04:20 - 2016-05-27 21:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2016-06-15 04:20 - 2016-05-27 21:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-06-15 04:20 - 2016-05-27 21:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys 2016-06-15 04:20 - 2016-05-27 21:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-06-15 04:20 - 2016-05-27 21:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-06-15 04:20 - 2016-05-27 21:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2016-06-15 04:20 - 2016-05-27 21:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll 2016-06-15 04:20 - 2016-05-27 21:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-06-15 04:20 - 2016-05-27 21:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2016-06-15 04:20 - 2016-05-27 21:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-06-15 04:20 - 2016-05-27 21:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-06-15 04:20 - 2016-05-27 21:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2016-06-15 04:20 - 2016-05-27 21:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-06-15 04:20 - 2016-05-27 21:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2016-06-15 04:20 - 2016-05-27 21:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-06-15 04:20 - 2016-05-27 21:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll 2016-06-15 04:20 - 2016-05-27 21:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll 2016-06-15 04:20 - 2016-05-27 21:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2016-06-15 04:20 - 2016-05-27 21:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-06-15 04:20 - 2016-05-27 21:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-06-15 04:20 - 2016-05-27 21:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2016-06-15 04:20 - 2016-05-27 21:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2016-06-15 04:20 - 2016-05-27 21:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-06-15 04:20 - 2016-05-27 21:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2016-06-15 04:20 - 2016-05-27 21:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL 2016-06-15 04:20 - 2016-05-27 21:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-06-15 04:20 - 2016-05-27 21:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll 2016-06-15 04:20 - 2016-05-27 21:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-06-15 04:20 - 2016-05-27 21:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-06-15 04:20 - 2016-05-27 21:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2016-06-15 04:20 - 2016-05-27 21:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2016-06-15 04:20 - 2016-05-27 21:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-06-15 04:20 - 2016-05-27 21:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2016-06-15 04:20 - 2016-05-27 21:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-06-15 04:20 - 2016-05-27 21:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll 2016-06-15 04:20 - 2016-05-27 21:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2016-06-15 04:20 - 2016-05-27 21:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-06-15 04:20 - 2016-05-27 21:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2016-06-15 04:20 - 2016-05-27 21:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-06-15 04:20 - 2016-05-27 21:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-06-15 04:20 - 2016-05-27 21:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-06-15 04:20 - 2016-05-27 21:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2016-06-15 04:20 - 2016-05-27 21:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-06-15 04:20 - 2016-05-27 21:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-06-15 04:20 - 2016-05-27 21:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2016-06-15 04:20 - 2016-05-27 21:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-06-15 04:20 - 2016-05-27 21:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2016-06-15 04:20 - 2016-05-27 21:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2016-06-15 04:20 - 2016-05-27 21:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-06-15 04:20 - 2016-05-27 21:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2016-06-15 04:20 - 2016-05-27 21:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-06-15 04:20 - 2016-05-27 21:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll 2016-06-15 04:20 - 2016-05-27 21:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2016-06-15 04:20 - 2016-05-27 21:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-06-15 04:20 - 2016-05-27 21:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-06-15 04:20 - 2016-05-27 21:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-06-15 04:20 - 2016-05-27 21:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-06-15 04:20 - 2016-05-27 21:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2016-06-15 04:20 - 2016-05-27 21:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-06-15 04:20 - 2016-05-27 21:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-06-15 04:20 - 2016-05-27 20:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-06-15 04:20 - 2016-05-27 20:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-06-15 04:20 - 2016-05-27 20:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-06-15 04:20 - 2016-05-27 20:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-06-08 08:51 - 2016-06-08 08:51 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-06-08 08:51 - 2016-06-08 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-06-08 08:50 - 2016-06-08 08:51 - 00000000 ____D C:\Program Files\iTunes 2016-06-08 08:50 - 2016-06-08 08:50 - 00000000 ____D C:\Program Files\iPod 2016-06-08 08:50 - 2016-06-08 08:50 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-06-06 08:13 - 2016-06-06 08:13 - 00069936 _____ C:\Users\Alison_2\Downloads\TheDigestiveSystem.pdf 2016-06-04 08:11 - 2016-06-04 08:11 - 00178034 _____ C:\Users\Alison_2\Downloads\WalkerGarbage052716.pdf 2016-06-03 18:02 - 2016-06-03 18:02 - 00686061 _____ C:\Users\Alison_2\Downloads\PTC News Jun 03, 2016.pdf 2016-06-02 09:48 - 2016-06-02 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-27 06:58 - 2011-12-21 16:38 - 00000000 ____D C:\Users\Alison_2\AppData\LocalLow\AuthenTec 2016-06-27 06:55 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-06-27 06:54 - 2015-09-09 09:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-06-27 06:54 - 2012-01-02 23:13 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-27 06:54 - 2011-12-21 16:21 - 00000000 ____D C:\Users\Alison\AppData\LocalLow\AuthenTec 2016-06-27 06:47 - 2011-10-12 02:53 - 00000000 ____D C:\ProgramData\truesuite 2016-06-27 06:43 - 2014-01-05 14:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-06-27 06:38 - 2012-01-02 23:13 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-26 20:30 - 2011-12-29 16:48 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForALISONHP$.job 2016-06-26 20:09 - 2011-12-21 19:10 - 00000000 ____D C:\Users\Alison_2\AppData\Local\CrashDumps 2016-06-26 19:29 - 2016-01-21 21:13 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4210471962-3087493860-930690135-1003Core.job 2016-06-26 14:21 - 2014-01-10 19:49 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlison_2.job 2016-06-26 12:58 - 2015-03-13 15:55 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-06-26 11:42 - 2012-08-01 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 2016-06-26 11:42 - 2012-08-01 09:21 - 00000000 ____D C:\Program Files (x86)\Amazon 2016-06-26 11:21 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-06-26 10:15 - 2016-01-13 14:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-26 10:15 - 2011-10-12 02:49 - 00000000 ____D C:\ProgramData\PDFC 2016-06-26 08:58 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-25 23:00 - 2016-01-09 16:05 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect 2016-06-25 21:38 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-06-25 21:38 - 2015-01-31 16:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-06-25 21:38 - 2015-01-31 16:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-06-25 21:31 - 2016-01-13 16:05 - 00000000 ____D C:\Users\Alison_2\AppData\Local\Packages 2016-06-23 12:18 - 2015-01-31 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-06-22 09:12 - 2016-01-13 16:05 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-06-20 11:32 - 2014-01-05 13:16 - 00000000 ____D C:\ProgramData\Oracle 2016-06-20 11:22 - 2016-01-18 18:38 - 00000000 ____D C:\Users\Alison_2\.oracle_jre_usage 2016-06-20 11:22 - 2014-10-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-20 11:22 - 2012-02-02 17:42 - 00000000 ____D C:\Program Files (x86)\Java 2016-06-20 11:21 - 2016-01-18 18:37 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-06-20 11:10 - 2016-01-14 11:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64 2016-06-20 11:10 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF 2016-06-20 11:09 - 2016-01-13 14:20 - 00000000 ____D C:\Users\Alison_2 2016-06-20 11:09 - 2015-04-01 10:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2016-06-20 11:06 - 2015-04-01 10:13 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS 2016-06-20 11:06 - 2015-04-01 10:13 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT 2016-06-18 15:20 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache 2016-06-18 13:22 - 2016-01-13 14:12 - 00301344 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-06-18 13:19 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2016-06-18 13:19 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2016-06-18 13:19 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-06-18 13:13 - 2014-10-18 08:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-06-18 12:31 - 2016-01-19 16:38 - 00001140 _____ C:\Users\Alison_2\Desktop\nativelog.txt 2016-06-18 12:30 - 2013-01-11 17:45 - 00000000 ____D C:\Users\Alison_2\AppData\Roaming\.minecraft 2016-06-18 10:43 - 2011-10-12 02:49 - 00000000 ____D C:\Program Files (x86)\PDF Complete 2016-06-17 18:40 - 2015-04-01 10:09 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-17 18:40 - 2015-04-01 10:09 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-17 07:38 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-06-15 07:33 - 2013-07-10 03:06 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-06-15 07:23 - 2012-08-07 12:32 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-06-14 11:33 - 2016-05-24 14:07 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-06-14 11:33 - 2016-05-24 14:07 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-06-08 08:50 - 2011-12-21 22:58 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-06-02 06:13 - 2016-01-13 14:19 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-06-02 06:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2011-10-12 02:52 - 2011-06-09 16:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011 2013-01-14 23:56 - 2013-01-15 00:01 - 0012976 _____ () C:\Users\Alison_2\AppData\Roaming\Comma Separated Values (Windows).CAL 2012-01-02 12:54 - 2013-12-04 13:00 - 0000173 _____ () C:\Users\Alison_2\AppData\Local\msmathematics.qat.Alison_2 2015-04-19 08:32 - 2015-04-19 08:32 - 0000000 _____ () C:\Users\Alison_2\AppData\Local\{E51AA556-1167-49B1-8573-BBB31387344D} 2013-01-16 11:18 - 2013-01-16 11:18 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================ dditional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02 Ran by Alison_2 (2016-06-27 07:01:45) Running from C:\Users\Alison_2\Downloads Windows 10 Home Version 1511 (X64) (2016-01-13 23:04:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4210471962-3087493860-930690135-500 - Administrator - Disabled) Alison (S-1-5-21-4210471962-3087493860-930690135-1000 - Administrator - Enabled) => C:\Users\Alison Alison_2 (S-1-5-21-4210471962-3087493860-930690135-1003 - Limited - Enabled) => C:\Users\Alison_2 DefaultAccount (S-1-5-21-4210471962-3087493860-930690135-503 - Limited - Disabled) Guest (S-1-5-21-4210471962-3087493860-930690135-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4210471962-3087493860-930690135-1006 - Limited - Enabled) Jackson (S-1-5-21-4210471962-3087493860-930690135-1004 - Limited - Enabled) => C:\Users\Jackson ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Amazon Music (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard) AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic) Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.) Get Yahoo! Messenger (HKLM-x32\...\Get Yahoo! Messenger) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard) HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company) HP SimplePass PE 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.273 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.) Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden LEGO® Jurassic World (HKLM-x32\...\Steam App 352400) (Version: - TT Games Ltd) Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech) Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) Mabinogi (HKLM-x32\...\Mabinogi) (Version: - devCAT) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Motorola Device Manager (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility) Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ROBLOX Player for Alison_2 (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio for Alison_2 (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Torch (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Torch) (Version: 29.0.0.5394 - Torch Media, Inc) <==== ATTENTION Unity Web Player (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden VIP Access SDK (1.0.1.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.) Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4210471962-3087493860-930690135-1003Core.job => C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4210471962-3087493860-930690135-1003UA.job => C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForALISONHP$.job => Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlison_2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-04-12 10:32 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-12 10:32 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-24 14:09 - 2016-05-24 14:09 - 00959168 _____ () C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-15 04:20 - 2016-05-27 20:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-19 05:17 - 2016-04-19 05:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-13 14:07 - 2016-01-13 14:07 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-10 19:22 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-06-15 04:21 - 2016-05-27 20:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-15 04:20 - 2016-05-27 20:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-06-15 04:21 - 2016-05-27 20:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-15 04:21 - 2016-05-27 20:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-27 11:14 - 2015-07-20 22:02 - 05887808 _____ () C:\Users\Alison_2\AppData\Local\Amazon Music\Amazon Music Helper.exe 2016-01-18 19:15 - 2015-11-25 22:36 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe 2016-01-18 19:15 - 2015-11-25 22:46 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll 2016-01-18 19:15 - 2015-11-25 22:45 - 00185496 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4210471962-3087493860-930690135-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alison_2\Pictures\Jeff Vietnam 3_2015\P1020661.JPG DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Creative WebCam Tray => C:\Program Files (x86)\Creative\Shared Files\CAMTRAY.EXE MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN296BXGNC05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "Fitbit Connect" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{C690BDAF-04CB-47AE-8290-FA2DBC769642}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7D73FABE-402A-4302-BAED-B249B4A68DB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{208229AB-1429-4DFF-ABE6-63396C2C8DBE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{31D87CCA-EE6E-4792-80DF-0747C1DEE1EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5AB1CE48-29E6-45E2-A5C4-75026E3E058E}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zSF388.tmp\SymNRT.exe FirewallRules: [{1B0E3F99-69B6-4850-A65A-27B782CA9A28}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zSF388.tmp\SymNRT.exe FirewallRules: [{704DD0EF-948B-4C8F-BDFE-968318F94246}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E7433654-9C80-4BEF-AEEE-75D470A8974B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{94CE31C2-3FF8-4A6B-9DFF-CA18990D7E3D}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{BF55E9F8-8B69-49B1-AB8C-8A6080CA7706}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{52502181-B07A-44D0-8419-76B2EEDF69D4}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS4CD2\HPDiagnosticCoreUI.exe FirewallRules: [{95FC1602-B4A8-4DC1-AE42-E1780A5FEF4D}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS4CD2\HPDiagnosticCoreUI.exe FirewallRules: [{8132AD7D-DB8B-4D70-8E48-56672CD7FBCB}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS3D6F\HPDiagnosticCoreUI.exe FirewallRules: [{00D83074-C4EB-4C4A-96CE-83EEE80550C2}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS3D6F\HPDiagnosticCoreUI.exe FirewallRules: [{BE5FC637-AC0B-4C0E-A9EF-3A1EFA4DE70C}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS28CD\HPDiagnosticCoreUI.exe FirewallRules: [{66D7066F-5E1C-408E-A04F-3CAFB8844A5C}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS28CD\HPDiagnosticCoreUI.exe FirewallRules: [{BE8A9E68-6448-4219-BC0A-EA53B60975D6}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe FirewallRules: [{CDFEF599-F03B-4BB3-904F-36B86459FE31}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe FirewallRules: [{61321D3A-0AB2-47DB-B27F-C7CB261999D8}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe FirewallRules: [{AD70F4CB-5DB9-466B-9F0D-349580A193E4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{ABA1BEE8-08D5-4FE6-9909-506780619135}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe FirewallRules: [{72658F51-0FB8-4C96-A170-5B6D4949DA6A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe FirewallRules: [{69DA08A9-9365-4F10-98D2-1DA4013C786C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe FirewallRules: [{D456A896-E28B-4573-BFD7-6F366DDFE55F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe FirewallRules: [{D36C869F-9170-493F-955F-C5B5BBB2D313}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe FirewallRules: [{FC32EA84-20D7-4648-B7B8-B3D9FA39EF37}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS69EA\HPDiagnosticCoreUI.exe FirewallRules: [{89EE8DC1-7520-42E1-A022-C6D719A1C590}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS69EA\HPDiagnosticCoreUI.exe FirewallRules: [{92DC7EB8-2829-49EC-974D-EBAFB1B9A86F}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe FirewallRules: [{31B454A6-BF59-4425-98DE-6D72026FBAD3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe FirewallRules: [{9FF35612-721E-4998-BEAD-473506DDB2C2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{F995E64E-462B-4E25-9097-2DD89D2C9F5A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{7E08BB73-3B9C-4BFE-94C5-4B51A60526F8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{DA7376BA-F2EE-4D90-988D-854CA5988502}] => (Allow) LPort=1900 FirewallRules: [{DD478BFB-D7BC-4C27-AFE5-62D3F063199F}] => (Allow) LPort=2869 FirewallRules: [{F929A970-C0E6-492F-B58D-2B5951D1B5C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D963A9BD-C486-42B7-BF27-B2F3DD3A436F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{31603311-6352-4432-AC50-2086FD8C7706}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{30D56280-AA33-4BE3-8A74-B55AB9BF02FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{FA3ABCD3-BC0D-4837-AF28-2BC00236220A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{86E80672-D173-449C-871A-1D3486ED490E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{97CFE2B1-735B-4667-9006-5152C281650A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{26802BF2-98E5-45F9-A4F2-B192CEB7DD6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{64D68D7A-D641-42BF-A4EF-DFD7AD0E16FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{061A4BE4-22A4-4C66-BCAC-814BFC040E3D}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{3755A88C-1630-49D8-9B94-CB56A1AB12CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{CDFD6BA1-210E-4978-8ECD-BDCEE3999AD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{EACA8FA9-EF14-46E5-AC37-1099161D29BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{286C1510-3A41-4D47-9115-6CCFDA53F051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{B2C34586-F18B-4993-BB35-C3FA486BEFD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. mbam-check result log version: 2.3.2.0 ======================================== User Account type: Limited User DomainComputer: No OS: Windows 10 64 bit Operating System Current Version and Build: 10.0.10586 OS Product Info: Home Edition Malwarebytes Anti-Malware: 2.2.1.1043 Installed On: 2016/06/25 Malware Database: 2016.06.27.03 Rootkit Database: 2016.05.27.01 Remediation Database: 2016.06.21.01 IP Database: 2016.06.27.01 Domain Database: 2016.06.27.01 License: Premium Malware Protection: 4 (The service is running.) Malicious Website Protection: 4 (The service is running.) Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon Log Created: 2016/06/27 07:09:36 User Information for Local System: =========================================== User Account: Administrator Account Level: Admin User Account: Alison Account Level: Admin User Account: Alison_2 Account Level: Limited User User Account: DefaultAccount Account Level: Guest User Account: Guest Account Level: Guest User Account: HomeGroupUser$ Account Level: Guest User Account: Jackson Account Level: Limited User Total # of user entries: 7 UAC Settings: =================== SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DWORD 1 Status: ON SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin DWORD 5 Status: ON AntiVirus Information: =================== AntiVirus Software Installed: "Norton Security Suite" AntiVirus Software Installed: "Windows Defender" FireWall Information: =================== 3rd Party Firewall Software Installed: "Norton Security Suite" AntiSpyware Information: =================== AntiSpyware Software Installed: "Windows Defender" AntiSpyware Software Installed: "Norton Security Suite" Machine Information =============================================== Machine ID: a9e54fcf31b2cac71fbb71b274827270a4fe861c Installation Token: LkqoMEzVxW8_Es2hmz8F1466918238 System has been up for: 20.9106 Hours Current Date: 2016-Jun-27 14:09:36.274230 Date Booted: 2016-Jun-26 18:09:36.274230 Detection and Protection Settings =============================================== Use Advanced Heuristics Engine (Shuriken): true Scan for rootkits: true Scan within archives: true PUP (Potentially Unwanted Program) detections: Treat Detections as Malware PUM (Potentially Unwanted Modification) detections: Treat Detections as Malware Compatibility Flag Settings: ================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Program Files\Logitech\SetPointP\SetPoint.exeREG_SZ DISABLEUSERCALLBACKEXCEPTION C:\Users\Alison_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YH9CD9KD\MabinogiSetup190R.exeREG_SZ VISTARTM HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked: MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Malwarebytes Anti-Malware Service and Driver Status: ======================================================= --------------Driver File Info:-------------- C:\WINDOWS\system32\drivers\mbam.sys File Size: 27008 BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb] C:\WINDOWS\system32\drivers\mwac.sys File Size: 65408 BYTES FileVersion: 1.0.6.0 MD5: [898415ac0b5f1d2a9a48abcb68a6dc4b] C:\WINDOWS\system32\drivers\mbamswissarmy.sys File Size: 192216 BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b] C:\WINDOWS\system32\drivers\mbamchameleon.sys File Size: 140672 BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9] --------------MBAMProtector:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMService:-------------- Type: 16 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMScheduler:-------------- Type: 16 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMChameleon:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMWebAccessControl:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 Required Dependencies: ====================== --------------BFE:-------------- Type: 32 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001 ErrorControl REG_DWORD 1 Group REG_SZ NetworkProvider ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Start REG_DWORD 2 Type REG_DWORD 32 Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002 DependOnService REG_MULTI_SZ RpcSs ObjectName REG_SZ NT AUTHORITY\LocalService ServiceSidType REG_DWORD 3 RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll ServiceDllUnloadOnStop REG_DWORD 1 ServiceMain REG_SZ BfeServiceMain --------------fltmgr:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 ErrorControl REG_DWORD 3 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 377696 BYTES FileVersion: 6.2.10586.0 MD5: [25d7a58625e1453e40d36825de74e4f1] C:\WINDOWS\SysWOW64\mscomctl.ocx File Size: 1070232 BYTES FileVersion: 6.1.98.46 MD5: [273676426739b02a45a0fc9349500b65] C:\WINDOWS\SysWOW64\olepro32.dll File Size: 88576 BYTES FileVersion: 6.2.10586.420 MD5: [56deb6f17f290b8c4af8b2aa10097b55] MBAM Registry Settings and License Info: ======================================== --------------Settings:-------------- Advanced: AutomaticQuarantine: true AutostartProtection: true LimitedMode: false StartSilentMode: false StartupDelay: -15 ApplicationState: First-Run-After-Installation: false General: DaysUntilNotifyExpiration: 5 Language: en RightClickAccess: true SilentErrors: false Logging: ExportLog: true Marketing: LastPostScanMarketingIndex: 2 Notification: ProtectionTray: DisplayMilliseconds: 3000 ScanHistory: Duration_Complete: 22423 Duration_Driver: 0 Duration_Filesystem: 23 Duration_Heuristics: 968050 Duration_Loading: 0 Duration_MasterBootRecord: 0 Duration_Memory: 40000 Duration_PreScan: 9584 Duration_Registry: 10263 Duration_Sector: 0 Duration_Startup: 7899 ItemCount_Complete: 169967 ItemCount_Driver: 0 ItemCount_Filesystem: 60672 ItemCount_Heuristics: 44795 ItemCount_Loading: 0 ItemCount_MasterBootRecord: 0 ItemCount_Memory: 2797 ItemCount_PreScan: 0 ItemCount_Registry: 798 ItemCount_Sector: 0 ItemCount_Startup: 1036 LastRemovalRequiredDOR: false LastScanDateEpoch: 1467018801530 LastScanType: 1 (Threat Scan) Update: LastUpdate: 2016-06-27T13:13:33 NotifyInstallReady: true NotifyOutdatedDatabase: 1 ProxyPassword: ProxyPort: 0 ProxyServer: ProxyUsername: UseProxy: false UseProxyAuthentication: false CheckProgramUpdates: true --------------Account:-------------- Account Status: Premium Expiration Time: 2016/07/10 05:17:19 Activation Time: 2016/06/25 22:19:11 Trial Used: true --------------Access Policies:-------------- Scheduler Queue: ================ tasks: 11ff8439-b8e9-4993-b5d0-0cac36e6ad2e: parameters: AutoDelete: false CheckForUpdatesBeforeScanStart: true ScanConfig: ExportLog: true FileSystemOption: true Quarantine: Prompt RebootSystemWhenMalwareDetected: false ScanArchives: true ScanExtra: true ScanHeuristic: true ScanMemoryObjects: true ScanPUM: Treat Detections as Malware ScanPUP: Treat Detections as Malware ScanRegistry: true ScanRootkits: false ScanSource: 1 ScanStartup: true ScanTargets: ScanType: 1 (Threat Scan) Silent: true StartTaskFromSystemAccount: false TaskType: 0 triggers: c1e84b30-070c-438e-91c5-b795fa984bdc: dateinterval: 1:0:0 (Days:Months:Years) lastscheduled: Mon, 27 Jun 2016 02:13:19.010622 -0700 lasttriggered: Mon, 27 Jun 2016 02:13:19.010622 -0700 nextscheduled: Tue, 28 Jun 2016 02:00:15 -0700 recovery: 23:00:00 (Hours:Minutes:Seconds) start: Sun, 26 Jun 2016 02:12:11 -0700 timeinterval: 00:00:00 (Hours:Minutes:Seconds) type: Daily uuid: c1e84b30-070c-438e-91c5-b795fa984bdc type: scan uuid: 11ff8439-b8e9-4993-b5d0-0cac36e6ad2e 62728ac3-b673-417a-b263-ee85cd91c499: parameters: NotifyWhenUpdateCompletes: false TaskType: 3 triggers: 69e4316a-4ea6-4c1d-abc1-472b75b73705: dateinterval: 0:0:0 (Days:Months:Years) lastscheduled: Mon, 27 Jun 2016 06:10:27.071381 -0700 lasttriggered: Mon, 27 Jun 2016 06:10:27.071381 -0700 nextscheduled: Mon, 27 Jun 2016 07:15:11.071107 -0700 recovery: 00:00:00 (Hours:Minutes:Seconds) start: Sat, 25 Jun 2016 23:00:11.071107 -0700 timeinterval: 01:00:00 (Hours:Minutes:Seconds) type: Hourly uuid: 69e4316a-4ea6-4c1d-abc1-472b75b73705 type: update uuid: 62728ac3-b673-417a-b263-ee85cd91c499 Pending File Rename Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. Pending File Rename Operations: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Alison\AppData\Local\Temp\~nsu.tmp\Au_.exe MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr WOW64 REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters PassThruFile REG_SZ mbampt.exe ProductPath REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service DelayedAutostart REG_DWORD 0 MBAMScheduler Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware scheduler Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== --------------TERMService:-------------- Type: 32 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 1077 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 TermService Start is set to: 3 (Manual Startup) Proxy Status: No proxy is Set LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware List of MBAM Related Directories: ================================= C:\Program Files (x86)\Malwarebytes Anti-Malware\ 7z.dll File Size: 922080 BYTES FileVersion: 9.20.0.0 MD5: [14079a2411fa2bb7f78bc100c92bbcc2] changes.txt File Size: 1596 BYTES FileVersion: N/A MD5: [09371a0c8bd9e9554571da257d554d3e] cloud-enumeration.dll File Size: 287200 BYTES FileVersion: 1.0.1.0 MD5: [84ac20b9327dbd4d94039be93384dad5] cloud.dll File Size: 352736 BYTES FileVersion: 1.0.1.0 MD5: [5659790448fb136a80be407c4a0dbb50] license.rtf File Size: 38870 BYTES FileVersion: N/A MD5: [ed36ea764c3a452334416713c8cf1eed] master.conf File Size: 1258 BYTES FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea] mbam.dll File Size: 609760 BYTES FileVersion: 1.0.40.0 MD5: [c4a51c1cb174066fdaf383c09f0d574b] mbam.exe File Size: 9926112 BYTES FileVersion: 2.3.173.0 MD5: [8e98e3ec16d2641005b4748cd330fb45] mbamcore.dll File Size: 2127840 BYTES FileVersion: 1.3.24.0 MD5: [63ce66ef2b30a09308eafe29baec6a75] mbamdor.exe File Size: 55264 BYTES FileVersion: 1.0.2.0 MD5: [297c1bdcc26adb339d4c0f0550e434d6] mbamext.dll File Size: 431072 BYTES FileVersion: 3.1.1.0 MD5: [67a6ec1735c77c2623b49cc1f284c8a0] mbampt.exe File Size: 40928 BYTES FileVersion: 1.0.57.0 MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b] mbamresearch.exe File Size: 1949152 BYTES FileVersion: 1.1.1.0 MD5: [e601f9ca6a72493bc8185bedda17eee8] mbamscheduler.exe File Size: 1514464 BYTES FileVersion: 3.1.7.0 MD5: [9611577752e293259c7dce19e9026362] mbamservice.exe File Size: 1136608 BYTES FileVersion: 3.2.21.0 MD5: [f1a89a34388b5626f1548d393b23ecb1] mbamsrv.dll File Size: 3863008 BYTES FileVersion: 2.1.10.0 MD5: [a33629c51295570fe9f252a39ddcea93] mbamtoast.dll File Size: 98272 BYTES FileVersion: 1.70.0.0 MD5: [b55f6f7b61ae6070a6e023e11fda92ee] msvcp100.dll File Size: 422880 BYTES FileVersion: 10.0.40219.325 MD5: [53a5f1b984f585997968cd0dfb27400c] msvcr100.dll File Size: 775648 BYTES FileVersion: 10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c] Qt5Core.dll File Size: 4646880 BYTES FileVersion: 5.4.1.0 MD5: [91c7c50b2a290b82604163b5a679ea24] Qt5Gui.dll File Size: 4640224 BYTES FileVersion: 5.4.1.0 MD5: [1d59b3e632aef8e24cc1707fd411113b] Qt5Network.dll File Size: 673248 BYTES FileVersion: 5.4.1.0 MD5: [e089635a8cbed229ec30cdbe29748c08] Qt5Widgets.dll File Size: 4474848 BYTES FileVersion: 5.4.1.0 MD5: [33881dda0ccc3898facadf1e4d1df237] unins000.dat File Size: 37895 BYTES FileVersion: N/A MD5: [9d7102551daff528cc3549bece4754c9] unins000.exe File Size: 720085 BYTES FileVersion: 51.52.0.0 MD5: [f1505d347325c77e3eeef418495e1f57] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows chameleon.chm File Size: 235882 BYTES FileVersion: N/A MD5: [c4190b71f037714aa77aba294434ba5b] firefox.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] iexplore.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-killer.exe File Size: 1504736 BYTES FileVersion: 3.0.15.0 MD5: [b79d3c2fca170c4dd15d7316067a1fd3] rundll32.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] svchost.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] windows.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] winlogon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats qgif.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [0b528e4c9bbd9efdea9bc8ac6a967d6d] qico.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [7b36d94db81b8b0dfd9323228dd96b51] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages lang_ar.qm File Size: 87404 BYTES FileVersion: N/A MD5: [269d3107ca72a75fe154ce4ff718af50] lang_bg.qm File Size: 133911 BYTES FileVersion: N/A MD5: [376ad1e4ad206bc32da09b12b564ecc4] lang_ca.qm File Size: 92634 BYTES FileVersion: N/A MD5: [2d35f58b0c2db44ad2717f4a4526a085] lang_cs.qm File Size: 105193 BYTES FileVersion: N/A MD5: [2c191de828d5e05fd7afa27ee1245023] lang_da.qm File Size: 88039 BYTES FileVersion: N/A MD5: [f8a4941d5d388160d252832a77ab584f] lang_de.qm File Size: 139276 BYTES FileVersion: N/A MD5: [b55f37281f0fcadfae67aecf0bf4cca5] lang_el.qm File Size: 126897 BYTES FileVersion: N/A MD5: [bd671253e071bac626beea63393abcda] lang_en.qm File Size: 3081 BYTES FileVersion: N/A MD5: [e2790b3cd9fdd9d3e266e9623fe477af] lang_es.qm File Size: 138468 BYTES FileVersion: N/A MD5: [cc4f3aab63d933d5964e2bba62df4277] lang_et.qm File Size: 107794 BYTES FileVersion: N/A MD5: [aa4845cd64b20377cea0ebc66eed4a42] lang_fi.qm File Size: 130793 BYTES FileVersion: N/A MD5: [00653d1fb2f790817aef991025c176aa] lang_fr.qm File Size: 141996 BYTES FileVersion: N/A MD5: [e06db8ef6b826b75ec5859913651ed44] lang_he.qm File Size: 98928 BYTES FileVersion: N/A MD5: [2954e902664f2e129f8a8d8238e90552] lang_hu.qm File Size: 132359 BYTES FileVersion: N/A MD5: [6bf3b8c78fd393ef2811a19742518b9a] lang_id.qm File Size: 129135 BYTES FileVersion: N/A MD5: [6be058072a90897595c6f097a3caa797] lang_it.qm File Size: 134154 BYTES FileVersion: N/A MD5: [183990148beec433023688db65a7bf2e] lang_ja.qm File Size: 73762 BYTES FileVersion: N/A MD5: [f6bfd643cb92fa760ae6ec64344ee7e1] lang_ko.qm File Size: 85731 BYTES FileVersion: N/A MD5: [53b5a94eb309d69993a5bc3cd43a85e4] lang_lt.qm File Size: 90799 BYTES FileVersion: N/A MD5: [eecd8edca1fb068ad3bd88aa711bdae2] lang_lv.qm File Size: 90659 BYTES FileVersion: N/A MD5: [683950904e725821740217824df440ff] lang_nl.qm File Size: 133514 BYTES FileVersion: N/A MD5: [442a6cf7e07e6f676d8b5ae41637549c] lang_no.qm File Size: 129833 BYTES FileVersion: N/A MD5: [8949e21e367e5a32ca9f36d8d22c9771] lang_pl.qm File Size: 133827 BYTES FileVersion: N/A MD5: [48379f4ac164adfc8d448bf53c8e2df8] lang_pt_BR.qm File Size: 136918 BYTES FileVersion: N/A MD5: [b1ea2002cf5362b24ca0a026f448e3f1] lang_pt_PT.qm File Size: 136982 BYTES FileVersion: N/A MD5: [5e23b66cb6d8d9894b991cc8f33658af] lang_ro.qm File Size: 90458 BYTES FileVersion: N/A MD5: [bcf524020255c4f7a6fdbae8df2bfe81] lang_ru.qm File Size: 137874 BYTES FileVersion: N/A MD5: [5e28394fbd12f21301e2b7e1a9dbac94] lang_sk.qm File Size: 131080 BYTES FileVersion: N/A MD5: [68e0e95e7131d101188a57e3a413dee5] lang_sl.qm File Size: 107631 BYTES FileVersion: N/A MD5: [83755001a3f1bd527d0b4b7a77d0b37d] lang_sv.qm File Size: 129135 BYTES FileVersion: N/A MD5: [b3c38242beb63f895fabcc14bbc6807a] lang_tr.qm File Size: 88838 BYTES FileVersion: N/A MD5: [1e4a3c0dcd7074ad4a3971ce67762cda] lang_vi.qm File Size: 133386 BYTES FileVersion: N/A MD5: [586de19c023986bf884ad56fc29c8f5e] lang_zh_TW.qm File Size: 87797 BYTES FileVersion: N/A MD5: [e120a014cf077bdcbcdcbf98c3438188] C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms qwindows.dll File Size: 929760 BYTES FileVersion: 5.4.1.0 MD5: [6c54d2ebeaacbe9b56816536041c8281] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins fixdamage.exe File Size: 823776 BYTES FileVersion: 1.4.0.1001 MD5: [bbfc25590af3e45d8cca1fab95648b40] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware actions.ref File Size: 8263 BYTES FileVersion: N/A MD5: [c312abcb0e4fa4d6007dcd1976b49b77] akadomains.ref File Size: 92 BYTES FileVersion: N/A MD5: [73d5774cbd8df165274a0691ae264808] akaips.ref File Size: 92 BYTES FileVersion: N/A MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c] domains.ref File Size: 665024 BYTES FileVersion: N/A MD5: [1a55c088b78e80c333ca8e7cd7b9d369] exclusions.dat File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] ips.ref File Size: 137904 BYTES FileVersion: N/A MD5: [6c3fc2a051bf681388457c4b1d17bb2e] rules.ref File Size: 9665359 BYTES FileVersion: N/A MD5: [ea1c09839de6f347a325d0c995022595] swissarmy.ref File Size: 28249 BYTES FileVersion: N/A MD5: [796931ca33465057e4349a3844809397] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration build.conf File Size: 4597 BYTES FileVersion: N/A MD5: [c6dfb378179569c8780bde988db7e54b] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 3425 BYTES FileVersion: N/A MD5: [feb2427b408a0e7cc3eae65c34f6857a] manifest.conf File Size: 3409 BYTES FileVersion: N/A MD5: [2f060fff850b1e75fb71022ee92329d7] marketing.conf File Size: 7318 BYTES FileVersion: N/A MD5: [3160ac4f81161044b4ee01c9f0c70f5e] net.conf File Size: 7337 BYTES FileVersion: N/A MD5: [69fe93e6fc15317a1043ca27c9bb65ca] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 2119 BYTES FileVersion: N/A MD5: [e0133576b28ffa1f1fe7004e8fb9d5ff] settings.conf File Size: 2086 BYTES FileVersion: N/A MD5: [c5df652e3935db306ec795761c345b6a] statistics.conf File Size: 513 BYTES FileVersion: N/A MD5: [ba9ecb3372d82d7337d1b352166acd90] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore build.conf File Size: 4179 BYTES FileVersion: N/A MD5: [20d9566b3cf94f1e395de8f40046fc68] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 23 BYTES FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b] manifest.conf File Size: 3171 BYTES FileVersion: N/A MD5: [a6e5576f7723acab40490fb9e64dfc1c] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 6530 BYTES FileVersion: N/A MD5: [9fb4acfdc11c7af48a760db4c7bfebf0] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 1724 BYTES FileVersion: N/A MD5: [e27b42126b89352fdaae8f1630b9a8d8] statistics.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs mbam-log-2016-06-25 (22-19-15).xml File Size: 2574 BYTES FileVersion: N/A MD5: [262c07a20a7290e91ab22028865380a7] mbam-log-2016-06-26 (08-38-21).xml File Size: 2576 BYTES FileVersion: N/A MD5: [22d8422c9ed0ee02702f038fdb0ed47a] mbam-log-2016-06-27 (02-13-19).xml File Size: 2578 BYTES FileVersion: N/A MD5: [5d999b7bec8e0909e36dfeb46a974236] protection-log-2016-06-25.xml File Size: 6005 BYTES FileVersion: N/A MD5: [a33e32e00f7dea22a43ecac4585e7650] protection-log-2016-06-26.xml File Size: 14127 BYTES FileVersion: N/A MD5: [ef6655996e400aebb6f1cf96fc9288cc] protection-log-2016-06-27.xml File Size: 8580 BYTES FileVersion: N/A MD5: [b662d68311f1dacbf8ddc9cde46ba4fb] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine Malware Exclusions: =================== Web Exclusions: ================ Quarantined Items: =================== =============================================================== END OF FILE

Receiving following errors: as well as another box the pops up saying " Error: Malywarebytes was unable to load the Anti-RootKit Driver. Error Code: 20025. Do you want to continue scan without anti-rootkit support?" Have followed directions for MBAM clean, to fully remove and install Malwarebytes. Unfortunately this did not resolve problem. How do I proceed? I apologize in advance as I am not tech savvy.

Results of screen317's Security Check version 0.99.78 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Security Suite WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````

As far as I can tell, yes. However, what about the "exploit.drop.70" file that is in my malwarebytes quarantine that cannot be deleted? Should I be concerned over this? amiller73

Thank you for your patience with my absence. Upon return I did double check to make sure that the browersafegaurd folders you mention really are gone and got a no items match your search on all 3. How do I proceed from here? amiller73

Thank you so much for your help so far. unfortunately I am going to be away from my computer for the next 3 days and will be unable to touch base. Is it possible to send you a PM when I return so we can resume? amiller73

Yes, I was able to manually delete that folder. amiller73

That's a hard question to answer because the only clue that I might have a problem was the inability for Norton to update prior to scanning. The "Exploit.Drop.70" is still stuck in my quarantine files. Again, not really sure what this is. There are also 3 other files in my quarantine. I ran a Malwarebytes scan a second time and the same 3 issues from my first scan reappear even after deleting/rebooting following the first scan. Which leads me to believe problem is not solved. Attached is the second scan log. Thanks, amiller73 mbam-log-2014-01-01 (12-12-56).txt

Attached are both Malwarebytes scan log and Adwcleaner log. How to proceed from here? Thanks, amiller73 mbam-log-2014-01-01 (09-12-30).txt AdwCleanerS0.txt

Attached is the Adw cleaner report. I'll be honest, I'm not computer savvy ...I have no idea what files might be important to save. If you would take a look. Thanks, amiller73 AdwCleanerR0.txt

Thanks for your response. Attached are the Malwarebytes log and the Roguekiller log. amiller73 mbam-log-2013-12-30 (08-56-10).txt RKreport0_S_12312013_103703.txt

I have both Norton and Malwarebytes loaded on my PC. I was trying to run a Norton scan and noticed it would not complete the updates so became concerned I had a virus issue. So I decided to run a Malwarebytes scan to see if I could resolve the issue. I was able to resolve the Norton update issue but then noticed an odd pattern with the Malwarebytes. Every time I run a complete scan with Malwarebytes , it comes up with 4 issues ( 1 registry, 1 folder, and 2 files). So I quarantine/delete and reboot my computer to completely remove the offender. The problem is that next time I run a scan the exact 4 come up. No matter how many times I scan, quarantine/delete and reboot the offenders don't go away. This is also an "Exploit.Drop.70" file stuck in my quarantine that cannot be deleted. I am unsure if these are related. Any advice you can offer would be appreciated! amiller73 attach.txt dds.txt