RHinCT

Everything posted by RHinCT

  1. I found the whitelist option, though you call it something else, so the problem was resolved. The dangerous (not) software retrieved the password, after which I uninstalled it and removed the whitelist override. Sorry to have been a bother.
  2. I need to use a piece of software that Malwarebytes considers dangerous. When I try to run it, Malwarebytes puts it in Quarantine. I then go into the Quarantine screen and Restore it. And when I try again Malwarebytes puts it in Quarantine. I restore it, it puts it back. I guess I can disable Malwarebytes for a few minutes but I just don't get the point of Restore if it will still be blocked. I do not believe the software itself will compromise my machine or I would not be trying to use it. It is considered a hacker's tool, and I suspect that is the reason for the way Malwarebytes treats it. The program name is Snadboy, and I need it to retrieve a lost password. It is downloadable from well known sites.
  3. I've taken all those steps right at the start. Thanks for your advice. I will consider this one closed... (unless it happens again). FYI, I believe that if MBAM had not stopped it that Zone Alarm firewall would have. It was set to "ask" for letting the spooler reach the internet; I think I would have been smart enough to say No. Today I set ZA to disallow the print spooler access to the internet, just the local network is permitted. Thanks again!
  4. No problem with the delay. As I said, I would be grateful for any light you can shed on what might have been trying to exploit the print spooler. If you have any thoughts I would like to hear them. There have been no additional blocks of this by Malwarebytes since the ones listed in my original message. I still have no idea what might have been trying to use that path out.
  5. Running Malwarebytes Premium. Here is a sample from the log.

         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49219, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49219, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49231, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49243, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49255, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49267, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49279, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49291, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49303, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49315, Outbound, C:\Windows\System32\spoolsv.exe,
         Detection, 9/6/2015 6:02 PM, SYSTEM, GROMIT, Protection, Malicious Website Protection, IP, 198.105.244.114, gromit.local, 49327, Outbound, C:\Windows\System32\spoolsv.exe,

     198.105.244.114 is a known bad place to go. Neither Malwarebytes nor Microsoft's security program finds any problems with spoolsv.exe, the print spooler. The Properties of spoolsv.exe matches other copies exactly, including size. My tentative conclusion is that something is trying to "print" to the network as a means of phoning home. Identifying that something is my immediate concern.

     One recent change in my system is installing a new hard drive, onto which a copy of W7 was installed as dual boot with this copy of W7. The new copy was then updated to the latest 7.1, fully patched, and then to W10. Since then I have had to uninstall one Gigabyte utility from the W10 copy. Note that I have done minimal browsing from W10 but I am running there without Malwarebytes. Both hard drives are visible from both copies of Windows. I can't see how the W10 copy could be involved, but what do I know?

     Thanks for any light you can shed!

     RH in CT

     FRST.txt Addition.txt
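
Added example, not part of RHinCT's posts and not Malwarebytes code: a small triage script for a protection log pasted in the layout shown in post 5, which groups outbound blocks by process and remote address so that repeated attempts stand out from exact duplicate entries. The column names, the reading of the port column as the local port of each attempt, and every value in `SAMPLE` are assumptions constructed for the example.

```python
from collections import defaultdict

# Column names are assumptions inferred from the sample, not a vendor schema.
FIELDS = ("event", "time", "user", "host", "category", "module",
          "kind", "remote", "local_name", "port", "direction", "process")

def _rec(port, proc=r"C:\Windows\System32\spoolsv.exe", ip="203.0.113.7"):
    """Build one constructed record in the post's layout (trailing comma)."""
    return ("Detection, 9/6/2015 6:02 PM, SYSTEM, HOST1, Protection, "
            f"Malicious Website Protection, IP, {ip}, host1.local, {port}, "
            f"Outbound, {proc}, ")

# Constructed sample: records run together on one line, one exact duplicate.
SAMPLE = ("".join(_rec(p) for p in (49219, 49219, 49231, 49243))
          + _rec(50001, r"C:\Tools\example.exe", "198.51.100.9"))

def parse_records(text):
    """Split a pasted log into records, one per line or run together."""
    tokens = [t.strip() for t in text.replace("\n", ",").split(",")]
    tokens = [t for t in tokens if t]
    records, i = [], 0
    while i < len(tokens):
        if tokens[i] == "Detection" and i + len(FIELDS) <= len(tokens):
            records.append(dict(zip(FIELDS, tokens[i:i + len(FIELDS)])))
            i += len(FIELDS)
        else:
            i += 1  # skip stray text between records
    return records

def summarize(records):
    """Group outbound blocks by (process, remote address)."""
    groups = defaultdict(lambda: {"events": 0, "ports": set()})
    for r in records:
        if r["direction"] != "Outbound" or not r["port"].isdigit():
            continue
        g = groups[(r["process"].lower(), r["remote"])]
        g["events"] += 1
        g["ports"].add(int(r["port"]))  # distinct ports = separate attempts
    return dict(groups)

def repeated_callers(records, min_ports=3):
    """Pairs blocked from several distinct ports, i.e. repeated retries."""
    return sorted(k for k, g in summarize(records).items()
                  if len(g["ports"]) >= min_ports)

if __name__ == "__main__":
    for proc, remote in repeated_callers(parse_records(SAMPLE)):
        print(f"{proc} -> {remote}")
```

A pair that shows several distinct ports within the same minute points to a process retrying the connection, which narrows the search to whatever is handing that process the destination.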