TripodBob

Honorary Members
  • Posts

    96
Everything posted by TripodBob

  1. I don't get a list window so I don't get the three dots. Attached is the zip file mbst-grab-results.zip
  2. I'm not seeing the 'list' window. What I do see is a listing of my current ID and Key and a button that says 'activate this device' and when I try to activate I still get the bad token message. Should I now run the support tool or something else?
  3. Not sure I understand. If I deactivate the account how do I get it back?
  4. I either deactivated it or entirely removed it before activating program on new computer. At no time did I have 2 computers running the same licensed copy of Malwarebytes. BTW I do have other computers with their own licensed copy of Malwarebytes.
  5. Wow you guys are fast. As I have upgraded my personal computers, I've uninstalled Malwarebytes from old computer and then re-installed it on the new one. This is probably the 3rd installation which I did a couple of years ago.
  6. I noticed that last scan was on 1/27/24 and nothing since. Premium had been set to scan daily. I then noticed that Malwarebytes was now listed as the free version. Now it won't accept key and ID to activate back to the premium version. I get message it doesn't accept token. What's up with that?
  7. All is well. Never had an issue with the 'pin' the icon extension checkmark before, didn't know it existed. I changed resolution to 100%, pinned the icon, and then finally got to see the 'lets go' button. After that I was able to change resolution back to 150% and Browser Guard continues to work fine. Thanks for all your help.
  8. Here's the requested zip file. But now have a new wrinkle. I restarted my desktop this morning after my grandkids were playing games on it last night. After startup, the Browser Guard icon was missing, but Firefox said it was still installed and the iptest still triggered the blocked website screen. mbst-grab-results.zip
  9. Nope... Uninstalled Firefox, reinstalled and then installed Browser Guard; still same results: clicking on icon shows welcome screen and nothing else is reachable.
  10. Unfortunately, I can't see any other MBG screen except for the welcome screen. The icon does show a number indicating number of items detected but the usual display page showing the number and description of detected items can't be found. System is a PC running Windows 10 22H2
  11. Strange...on my installation the 'lets go' is not a button, so no way to get to a reports page. But I do get a trojan block at the test page
  12. Reinstalled browser guard to Firefox after uninstalling it several months ago. Now all I get when clicking on the Browser Guard Icon is the welcome screen and the "ready to jump in?" phrase. Didn't use to act like that. Is this normal operation now?
  13. Windows 10 running premium MBAM 4.0.4. Just installed MBAE and noticed that the Real Time Protection setting for Exploit Protection is grayed out in MBAM. Normal?
  14. 16 kb bad sectors have been there for years, probably not the issue.
  15. Chkdsk sez:

      Cleaning up minor inconsistencies on the drive.
      Cleaning up 13 unused index entries from index $SII of file 0x9.
      Cleaning up 13 unused index entries from index $SDH of file 0x9.
      Cleaning up 13 unused security descriptors.
      CHKDSK is verifying file data (stage 4 of 5)...
      File data verification completed.
      CHKDSK is verifying free space (stage 5 of 5)...
      Free space verification is complete.

      312560608 KB total disk space.
      115227960 KB in 130030 files.
      47292 KB in 10902 indexes.
      16 KB in bad sectors.
      244936 KB in use by the system.
      65536 KB occupied by the log file.
      197040404 KB available on disk.

      4096 bytes in each allocation unit.
      78140152 total allocation units on disk.
      49260101 allocation units available on disk.

      Internal Info:
      d0 86 02 00 8e 26 02 00 c2 1a 03 00 00 00 00 00 .....&..........
      58 07 00 00 12 00 00 00 70 0a 00 00 00 00 00 00 X.......p.......
      0e e9 f2 0b 00 00 00 00 36 cc c8 75 00 00 00 00 ........6..u....
      56 97 33 11 00 00 00 00 24 84 b2 f9 05 00 00 00 V.3.....$.......
      b8 e6 5a fb 05 00 00 00 58 40 bd 8e 0c 00 00 00 ..Z.....X@......
      99 9e 36 00 00 00 00 00 00 39 07 00 ee fb 01 00 ..6......9......
      00 00 00 00 00 e0 f4 78 1b 00 00 00 96 2a 00 00 .......x.....*..

      Windows has finished checking your disk.

      MBAM currently 17 minutes running and still in Pre-Scan Operations.
  16. Requested files. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-06-2016 Ran by My Name Here (administrator) on ROB (15-06-2016 12:48:19) Running from C:\Documents and Settings\My Name Here\Desktop Loaded Profiles: My Name Here & (Available Profiles: My Name Here & kodak & Administrator) Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCD.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe (Microsoft Corporation) C:\WINDOWS\system32\netdde.exe (ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [814608 2016-06-13] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.) HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation) HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057328 2007-05-07] (Nero AG) HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. 
KG) HKLM Group Policy restriction on software: %allusersprofile%\Application Data\vzinhomeagent.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\verizon\wrapper.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\verizon\wrapper.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\vzinhomeagent.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\vzinhomeagent.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\weather.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\verizon\wrapper.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\vzinhomeagent.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\wrdata\wrupdate3919656.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Application Data\verizon\wrapper.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\weather.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\vzinhomeagent.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\gotoassistdownloadhelper.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\gotoassistdownloadhelper.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION HKLM Group Policy 
restriction on software: %userprofile%\Local Settings\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\verizon\wrapper.exe <====== ATTENTION Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-04-06] (ATI Technologies Inc.) HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: 
[NoViewOnDrive] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: 
[NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: 
[NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0 
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.) 
HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: 
[NoLogoff] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.) HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0 
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-839522115-115176313-682003330-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-07] (Nero AG) HKU\S-1-5-21-839522115-115176313-682003330-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-07] (Nero AG) HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Startup: C:\Documents and Settings\My Name Here\Start Menu\Programs\Startup\Spamihilator.lnk [2015-02-21]
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{40628E54-3350-4389-A185-C4588B457EED}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-115176313-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-839522115-115176313-682003330-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-839522115-115176313-682003330-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-839522115-115176313-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\My Name Here\Application Data\Mozilla\Firefox\Profiles\o9buhfoa.default-1447643124975
FF DefaultSearchEngine.US: Google
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [No File]
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004: ncr.com/NCRImageScan -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\npNCRImageScan.dll [2011-10-17] (NCR Corporation)
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ncr.com/NCRImageScan -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\npNCRImageScan.dll [2011-10-17] (NCR Corporation)
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF Extension: VTzilla - C:\Documents and Settings\My Name Here\Application Data\Mozilla\Firefox\Profiles\o9buhfoa.default-1447643124975\extensions\info@virustotal.com.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013-09-28] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [955712 2016-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [467016 2016-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [467016 2016-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1238968 2016-06-13] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [864816 2007-05-07] (Nero AG)
S4 KodakDigitalDisplayService; C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [98304 2009-05-14] (Orb Networks, Inc.) [File not signed]
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2015-08-26] (NETGEAR)
S3 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S3 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2010-12-01] (Oak Technology Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [109016 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137240 2016-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2016-06-13] (Windows (R) 2000 DDK provider)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43376 2016-03-16] ()
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [108592 2007-05-07] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [37040 2007-05-07] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16304 2007-05-07] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [39472 2007-05-07] (Nero AG)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [75504 2011-08-11] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-15] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2015-12-19] (CACE Technologies, Inc.)
S3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [14572 2002-02-11] (Padus, Inc.) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 PSMounterEx; C:\WINDOWS\system32\drivers\psmounterex.sys [65144 2013-08-01] (Paramount Software UK Ltd)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 rusb3hub; C:\WINDOWS\System32\DRIVERS\rusb3hub.sys [90248 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\WINDOWS\System32\DRIVERS\rusb3xhc.sys [180744 2012-08-27] (Renesas Electronics Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2016-02-17] (Avira Operations GmbH & Co. KG)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-15 12:48 - 2016-06-15 12:48 - 00040836 _____ C:\Documents and Settings\My Name Here\Desktop\FRST.txt
2016-06-15 12:43 - 2016-06-15 12:44 - 01706112 _____ (Malwarebytes) C:\Documents and Settings\My Name Here\Desktop\mbam-check-2.3.2.0.exe
2016-06-15 12:42 - 2016-06-15 12:43 - 01736192 _____ (Farbar) C:\Documents and Settings\My Name Here\Desktop\FRST.exe
2016-06-15 12:33 - 2016-06-15 12:34 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 12:32 - 2016-06-15 12:32 - 00000816 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-15 12:32 - 2016-06-15 12:32 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-15 12:32 - 2016-06-15 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-15 12:32 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-15 12:32 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-15 11:31 - 2016-06-15 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-06-13 21:31 - 2016-06-13 21:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-13 12:29 - 2016-06-13 12:29 - 00015600 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-15 12:48 - 2015-02-15 10:11 - 00000000 ____D C:\FRST
2016-06-15 12:48 - 2010-11-28 16:15 - 00000000 ____D C:\Documents and Settings\My Name Here\Local Settings\Temp
2016-06-15 12:47 - 2015-11-23 13:03 - 00000000 ____D C:\Documents and Settings\My Name Here\Desktop\Downloads from FireFox
2016-06-15 12:45 - 2012-10-20 19:31 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2016-06-15 12:44 - 2010-12-17 11:20 - 00000000 ____D C:\Documents and Settings\My Name Here\Desktop\Repair_Test Tools
2016-06-15 12:31 - 2010-11-28 10:11 - 00308308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-15 12:29 - 2014-03-30 10:37 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2016-06-15 12:26 - 2015-02-20 15:11 - 00000000 ____D C:\Documents and Settings\My Name Here\Application Data\Spamihilator
2016-06-15 12:26 - 2010-11-28 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-15 12:26 - 2004-08-04 08:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2016-06-15 12:25 - 2014-01-16 12:20 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-06-15 12:25 - 2012-05-22 09:15 - 03837134 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-839522115-115176313-682003330-1004-0.dat
2016-06-15 12:25 - 2012-05-22 09:15 - 00278342 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-06-15 12:25 - 2010-11-28 16:15 - 00000178 ___SH C:\Documents and Settings\My Name Here\ntuser.ini
2016-06-15 12:25 - 2010-11-28 16:15 - 00000000 ____D C:\Documents and Settings\My Name Here
2016-06-15 12:25 - 2010-11-28 16:14 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-15 12:14 - 2016-04-08 23:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-15 11:03 - 2010-11-28 23:05 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\Quicken
2016-06-15 06:49 - 2010-12-01 16:15 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2016-06-15 05:41 - 2010-11-28 15:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-15 05:01 - 2010-11-28 15:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-06-14 23:22 - 2010-11-29 20:28 - 00000000 ____D C:\Program Files\Einstein
2016-06-14 18:43 - 2014-03-23 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-06-14 11:24 - 2010-11-28 10:06 - 00000000 ___DC C:\WINDOWS\system32\dllcache
2016-06-14 11:01 - 2012-11-26 20:35 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\Attachments
2016-06-14 10:38 - 2012-11-08 01:00 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\Agent Downloads
2016-06-13 21:45 - 2014-02-10 15:48 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-06-13 21:45 - 2014-02-10 15:48 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-06-13 21:35 - 2014-05-24 18:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-13 15:47 - 2010-11-30 23:23 - 00000000 ____D C:\Documents and Settings\My Name Here\Desktop\Lessons
2016-06-13 15:31 - 2011-04-08 10:04 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\TurboTax
2016-06-13 15:16 - 2010-11-28 10:06 - 00000000 ___HD C:\WINDOWS\inf
2016-06-13 12:24 - 2014-05-04 08:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-06-13 10:54 - 2016-02-24 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-06-13 10:53 - 2016-02-24 20:22 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-06-13 10:46 - 2014-10-04 07:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-06-13 10:46 - 2014-03-31 12:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-06-13 10:46 - 2014-03-31 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit

==================== Files in the root of some directories =======
2015-07-19 14:03 - 2015-07-22 13:29 - 0004158 _____ () C:\Program Files\suit.log
2011-02-14 17:26 - 2011-02-14 17:26 - 0000036 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\housecall.guid.cache
2015-10-27 16:22 - 2015-10-27 16:22 - 0000594 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0001.tmp.bat
2015-10-27 16:22 - 2015-10-27 16:22 - 0000519 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0001.tmp_r.bat
2015-11-17 16:42 - 2015-11-17 16:42 - 0000594 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0002.tmp.bat
2015-11-17 16:42 - 2015-11-17 16:42 - 0000519 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0002.tmp_r.bat
2015-10-27 09:42 - 2015-10-27 16:15 - 0000600 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\PUTTY.RND
2014-11-19 17:04 - 2014-11-19 17:04 - 0000719 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\recently-used.xbel
2012-08-05 14:46 - 2012-08-05 15:12 - 0000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-01-23 13:42 - 2013-01-23 13:42 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2012-01-23 21:51 - 2016-04-10 11:55 - 0001485 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2011-01-11 11:27 - 2011-04-23 15:10 - 0001454 _____ () C:\Documents and Settings\All Users\Application Data\ss.ini
2015-07-20 14:07 - 2014-06-16 15:18 - 0009216 _____ () C:\Documents and Settings\All Users\Application Data\Z@!-65b6bbaf-9b0a-467e-944b-3f9c1eb543ca.tmp

Some files in TEMP:
====================
C:\Documents and Settings\My Name Here\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-06-2016
Ran by My Name Here (2016-06-15 12:49:13)
Running from C:\Documents and Settings\My Name Here\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2010-11-30 14:39:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-839522115-115176313-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-115176313-682003330-1008 - Limited - Enabled)
Guest (S-1-5-21-839522115-115176313-682003330-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-839522115-115176313-682003330-1000 - Limited - Disabled)
kodak (S-1-5-21-839522115-115176313-682003330-1013 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\kodak
My Name Here (S-1-5-21-839522115-115176313-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\My Name Here
SUPPORT_388945a0 (S-1-5-21-839522115-115176313-682003330-1002 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 21 ActiveX (HKLM\...\{FA944726-00F8-43B5-BB97-33E6FF409C22}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\{C4E4BF86-4E27-4B8B-8BF9-A5BF1C7573A4}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Asoftech Data Recovery (HKLM\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden
ccc-core-preinstall (Version: 2010.0406.2133.36843 - ATI) Hidden
ccc-core-static (Version: 2010.0406.2133.36843 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CCS64 V3.9.1 (HKLM\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DESCENT II (HKLM\...\Descent2DeinstKey) (Version: - )
DigitImg (Version: 2.00.0000 - Hewlett-Packard) Hidden
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (Version: 1.00.0000 - Activision) Hidden
Einstein Puzzle (HKLM\...\Einstein) (Version: - )
Elsie (HKLM\...\Elsie) (Version: 2.72 - Tonne Software)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Evince 2.32.0.145 (HKLM\...\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}) (Version: 2.32.0.145 - (Custom build))
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Finale SongWriter 2012 (HKLM\...\Finale SongWriter 2012) (Version: 2012..r3.0 - MakeMusic)
Folder Size (HKLM\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.6 - Brio)
Forté Agent (HKLM\...\{DA5ECEAB-28C6-4306-9FBB-811DEF6DD780}) (Version: 7.20.1218 - Forté Internet Software, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Memories Disc (HKLM\...\{D35191B3-F340-4C11-A4E0-8B09477B4302}) (Version: 1.0.8.816 - Hewlett-Packard Company)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
KEDDS (Version: 1.04.0000.0005 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6377 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MasterSplitter Program (HKLM\...\MasterSplitter) (Version: - )
Media Go (HKLM\...\{7547239C-FA8A-4FA4-84A6-31EAC0777E1B}) (Version: 2.7.341 - Sony)
Media Go Network Downloader (HKLM\...\{73FA7631-3015-4EEC-A002-09488C47A07C}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.104.12040 (HKLM\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.104.12040 - Sony)
Microdem/Terra Base II (HKLM\...\Microdem/Terra Base II) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Bootvis (HKLM\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Tool Web Package:WntIpcfg.exe (HKLM\...\{EA82FF50-E258-4DFE-839B-8F26A01A34A7}) (Version: 1.0.0.1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
NCRImageScan (HKLM\...\{38D6A364-8601-4571-BBC9-FB91F48F0AE5}) (Version: 3.2.0.33 - NCR Corporation)
Nero 7 Essentials (HKLM\...\{E11BD6A7-5046-4D25-ABCB-386A54F71033}) (Version: 7.02.8124 - Nero AG)
neroxml (HKLM\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
NWZ-E380 WALKMAN Guide (HKLM\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
OneClickdigital Media Manager (HKLM\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
PS7700 (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSShortcuts (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSUsage (Version: 1.30.0000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quake 3 Arena Demo (HKLM\...\Quake 3 Arena Demo) (Version: - )
Quicken 2011 (HKLM\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden R-Studio 7.2 (HKLM\...\R-Studio 7.2NSIS) (Version: 7.2.154997 - R-Tools Technology Inc.) R-Studio Emergency Startup Media Creator 7.0 (HKLM\...\R-Studio Emergency Startup Media Creator 7.0NSIS) (Version: 7.0.551 - R-Tools Technology Inc.) Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Sansa Updater (HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation) Sansa Updater (HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation) Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia) SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden Software Updater (HKLM\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION) Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - ) Spamihilator 1.6.0 (32 bit) (HKLM\...\{961B37CC-64A0-4F1C-900C-80DD57D2B788}) (Version: 1.6.0 - Michel Krämer) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) TurboTax 2010 (HKLM\...\TurboTax 2010) (Version: - Intuit, Inc) TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - 
Intuit, Inc) TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc) Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden Vz In Home Agent (HKLM\...\{149C2374-E707-4B53-A487-A2DA2064E03D}) (Version: 8.03.41 - Verizon) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun) Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WinUpdatesList (HKLM\...\WinUpdatesList) (Version: 1.23 - NirSoft) Wrapper (HKLM\...\{394E7D98-28C7-4CD8-B503-7E43BC43A0F2}) (Version: 1.00.0000 - Verizon) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-839522115-115176313-682003330-1004_Classes\CLSID\{2B4C13BC-0DEB-40D4-B33D-1A1D320F004D}\InprocServer32 -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\NCRScanServerPS.dll () CustomCLSID: HKU\S-1-5-21-839522115-115176313-682003330-1004_Classes\CLSID\{6D3C4877-F0BE-46AD-8C8B-FCF954BDB1F5}\localserver32 -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\NCRScanServer.exe (NCR Corporation) CustomCLSID: HKU\S-1-5-21-839522115-115176313-682003330-1004_Classes\CLSID\{FEA4FCB7-C3C0-591D-A2FC-D707ED32BEC8}\InprocServer32 -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\npNCRImageScan.dll (NCR Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2013-09-05 12:49 - 2013-09-05 12:49 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll 2010-12-06 23:39 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2005-05-03 07:38 - 2005-05-03 19:38 - 00064512 _____ () C:\WINDOWS\system32\P17.dll 2013-09-28 21:14 - 2013-09-28 21:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll 2013-09-28 21:13 - 2013-09-28 21:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll 2013-09-28 21:13 - 2013-09-28 21:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll 2013-09-28 21:14 - 2013-09-28 21:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll 2013-09-28 21:14 - 2013-09-28 21:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll 2013-09-28 21:14 - 2013-09-28 21:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll 2015-11-17 04:23 - 2015-11-17 04:23 - 00672256 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll 2015-11-17 04:08 - 2015-11-17 04:08 - 01691136 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll 2015-11-10 05:52 - 2015-11-10 05:52 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll 2015-11-10 05:53 - 2015-11-10 05:53 - 00631296 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll 2015-11-17 04:13 - 2015-11-17 04:13 - 06942208 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll 2014-06-29 21:55 - 2014-06-29 21:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll 2015-11-10 06:49 - 2015-11-10 06:49 - 01165312 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll 2015-11-15 23:34 - 2015-11-15 23:34 - 02979854 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll 2012-10-15 16:27 - 2012-10-15 16:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll 2012-10-15 16:28 - 2012-10-15 16:28 - 02286592 
_____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll 2015-11-17 04:14 - 2015-11-17 04:14 - 01058304 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll 2014-09-11 04:39 - 2014-09-11 04:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll 2015-11-15 23:34 - 2015-11-15 23:34 - 01205248 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll 2015-11-10 03:55 - 2015-11-10 03:55 - 11147776 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll 2015-11-15 23:35 - 2015-11-15 23:35 - 02593280 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll 2015-11-17 04:15 - 2015-11-17 04:15 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll 2015-11-17 04:16 - 2015-11-17 04:16 - 00892928 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll 2015-11-10 06:17 - 2015-11-10 06:17 - 00438272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll 2013-09-28 21:13 - 2013-09-28 21:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll 2013-08-25 15:07 - 2013-08-25 15:07 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll 2013-09-28 21:13 - 2013-09-28 21:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll 2013-08-25 15:16 - 2013-08-25 15:16 - 00381952 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qmng.dll 2013-08-25 15:09 - 2013-08-25 15:09 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll 2013-08-25 15:16 - 2013-08-25 15:16 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qtga.dll 2013-08-25 15:16 - 2013-08-25 15:16 - 00390144 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qtiff.dll 2013-08-25 15:16 - 2013-08-25 15:16 - 00045056 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qwbmp.dll 2015-11-10 05:52 - 2015-11-10 05:52 - 00081408 _____ () C:\Program Files\NETGEAR 
Genie\bin\DiagnosePlugin.dll 2015-04-17 06:36 - 2015-04-17 06:36 - 00146944 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll 2015-08-24 04:41 - 2015-08-24 04:41 - 02360622 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll 2015-03-28 10:50 - 2015-03-28 10:50 - 00113152 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\NETGEAR_PLC_L2_API.dll 2015-02-03 06:09 - 2015-02-03 06:09 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll 2014-09-04 02:00 - 2014-09-04 02:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll 2014-09-04 02:00 - 2014-09-04 02:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll 2012-10-15 16:28 - 2012-10-15 16:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll 2012-10-15 16:28 - 2012-10-15 16:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll 2012-10-15 16:28 - 2012-10-15 16:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll 2012-10-15 16:28 - 2012-10-15 16:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll 2013-09-28 21:13 - 2013-09-28 21:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll 2015-11-17 04:16 - 2015-11-17 04:16 - 00642560 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll 2015-11-10 06:18 - 2015-11-10 06:18 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll 2014-06-29 22:33 - 2014-06-29 22:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll 2014-09-04 02:00 - 2014-09-04 02:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll 2014-04-27 19:19 - 2014-04-27 19:19 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2009-11-24 13:36 - 2009-11-24 13:36 - 
00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-04-27 19:20 - 2014-04-27 19:20 - 00270336 _____ () C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-02-20 15:10 - 2015-02-20 15:10 - 00060416 _____ () C:\Program Files\Spamihilator\zlib1.dll 2015-02-20 15:10 - 2015-02-20 15:10 - 00279040 _____ () C:\Program Files\Spamihilator\sqlite3.dll 2015-08-26 10:21 - 2015-08-26 10:21 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe 2004-08-04 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:638E6F6B [136] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Classes\exefile: "%1" %* <===== ATTENTION HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\amidoncorp.com -> hxxps://www.amidoncorp.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\express-scripts.com -> hxxps://www.express-scripts.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\malwarebytes.org -> hxxps://forums.malwarebytes.org IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\medcohealth.com -> hxxps://host1.medcohealth.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\microsoft.com -> hxxp://v4.windowsupdate.microsoft.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\microsoft.com -> hxxps://v4.windowsupdate.microsoft.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\pccuing.org -> hxxps://www.pccuing.org IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\vanguard.com -> vanguard.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\amidoncorp.com -> hxxps://www.amidoncorp.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\express-scripts.com -> hxxps://www.express-scripts.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\malwarebytes.org -> hxxps://forums.malwarebytes.org IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\medcohealth.com -> hxxps://host1.medcohealth.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\microsoft.com -> hxxp://v4.windowsupdate.microsoft.com IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\microsoft.com -> hxxps://v4.windowsupdate.microsoft.com IE trusted site: 
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\pccuing.org -> hxxps://www.pccuing.org IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\vanguard.com -> vanguard.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-04 08:00 - 2016-06-13 22:14 - 00505052 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost There are 11958 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-21-839522115-115176313-682003330-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\My Name Here\Local Settings\Application Data\Microsoft\Wallpaper1.bmp HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\My Name Here\Local Settings\Application Data\Microsoft\Wallpaper1.bmp HKU\S-1-5-21-839522115-115176313-682003330-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-21-839522115-115176313-682003330-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) HKU\S-1-5-21-839522115-115176313-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None) DNS Servers: 10.0.0.1 Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
StandardProfile\AuthorizedApplications: [C:\Program Files\MagicTune Premium\MagicTune.exe] => Disabled:MagicTune StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server StandardProfile\AuthorizedApplications: [C:\Q3Ademo\quake3.exe] => Disabled:quake3 StandardProfile\AuthorizedApplications: [C:\Documents and Settings\My Name Here\Local Settings\Temp\7zS4DE4\EnterpriseDU.exe] => Enabled:DeviceUpdate StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe StandardProfile\AuthorizedApplications: [D:\Common\EpsonNet Setup\ENEasyApp.exe] => Enabled:EpsonNet Setup StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\setup_wm.exe] => Disabled:setup_wm.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\mplayer2.exe] => Disabled:mplayer2.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Raptr\raptr.exe] => Disabled:Raptr Desktop App StandardProfile\AuthorizedApplications: [C:\Program Files\Raptr\raptr_im.exe] => Disabled:Raptr IM StandardProfile\AuthorizedApplications: [C:\Program Files\Webroot\WRSA.exe] => Enabled:Webroot SecureAnywhere StandardProfile\AuthorizedApplications: [C:\Program Files\Spamihilator\spamihilator.exe] => Enabled:Spamihilator StandardProfile\AuthorizedApplications: [C:\Program Files\Spamihilator\cdcc.exe] => Enabled:Spamihilator DCC Filter Configuration StandardProfile\AuthorizedApplications: [C:\Program 
Files\Spamihilator\dccproc.exe] => Enabled:Spamihilator DCC Filter StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater StandardProfile\AuthorizedApplications: [C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe] => Enabled:NETGEAR Genie StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Digital Display\KodakDigitalDisplaySoftware.exe] => Enabled:Kodak digital display software StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe] => Enabled:KodakDigitalDisplayService StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmdbexport.exe] => :LocalSubNet:Enabled:wmdbexport.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmlaunch.exe] => :LocalSubNet:Enabled:wmlaunch.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmsetsdk.exe] => :LocalSubNet:Enabled:wmsetsdk.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmplayer.exe] => :LocalSubNet:Disabled:wmplayer.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpenc.exe] => :LocalSubNet:Disabled:wmpenc.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpnetwk.exe] => :LocalSubNet:Disabled:wmpnetwk.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpnscfg.exe] => :LocalSubNet:Disabled:wmpnscfg.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpshare.exe] => :LocalSubNet:Disabled:wmpshare.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads 
Server StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004 DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005 DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001 DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002 StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004 StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005 StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001 StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002 ==================== Restore Points ========================= 16-04-2016 12:42:57 System Checkpoint 16-04-2016 12:47:33 Software Distribution Service 3.0 16-04-2016 16:52:10 Software Distribution Service 3.0 16-04-2016 16:59:46 Software Distribution Service 3.0 16-04-2016 18:22:37 Software Distribution Service 3.0 16-04-2016 18:27:08 Software Distribution Service 3.0 17-04-2016 19:09:17 System Checkpoint 18-04-2016 10:14:58 Installed Windows XP KB942288-v3. 
19-04-2016 03:01:08 Software Distribution Service 3.0
19-04-2016 11:04:27 Software Distribution Service 3.0
19-04-2016 11:05:34 Software Distribution Service 3.0
19-04-2016 16:21:41 Software Distribution Service 3.0
20-04-2016 17:15:35 System Checkpoint
21-04-2016 13:32:40 Restore Point Created by FRST
22-04-2016 03:01:23 Software Distribution Service 3.0
22-04-2016 16:06:44 Software Distribution Service 3.0
23-04-2016 03:01:16 Software Distribution Service 3.0
24-04-2016 07:06:19 System Checkpoint
25-04-2016 07:47:54 System Checkpoint
26-04-2016 08:28:36 System Checkpoint
27-04-2016 09:48:43 System Checkpoint
28-04-2016 11:23:39 System Checkpoint
29-04-2016 12:14:36 System Checkpoint
30-04-2016 12:15:42 System Checkpoint
13-06-2016 16:15:16 System Checkpoint
13-06-2016 21:44:25 Removed Adobe Flash Player 21 NPAPI.
13-06-2016 21:45:07 Removed Adobe Flash Player 21 ActiveX.
13-06-2016 21:47:14 Removed Java 8 Update 77
14-06-2016 22:43:17 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2016 11:04:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application qw.exe, version 20.1.8.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2016 05:12:35 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x4ec67403. Error in creating result PEAP-TLV in response to received PEAP-TLV (spoolsv.exe!ld!)

Error: (06/14/2016 10:56:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application agent.exe, version 7.20.1218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2016 10:56:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application agent.exe, version 7.20.1218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2016 10:56:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application agent.exe, version 7.20.1218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/15/2016 12:10:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (06/15/2016 10:22:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 08:40:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 06:40:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 05:13:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 11:25:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 3325.48 MB
Available physical RAM: 2057.93 MB
Total Virtual: 8038.77 MB
Available Virtual: 6355.85 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:298.08 GB) (Free:187.64 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 000ADE0F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Potential issues:
==============================
LAN Settings: No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam-check result log version: 2.3.2.0
========================================
User Account type: Administrator
DomainComputer: No
OS: Windows XP Service Pack 3 Service Pack 3 32 bit Operating System
Current Version and Build: 5.1.2600
OS Product Info: Home Edition
Malwarebytes Anti-Malware: 2.2.1.1043
Installed On: 2016/06/15
Malware Database: 2016.06.15.04
Rootkit Database: 2016.05.27.01
Remediation Database: 2016.05.25.01
IP Database: 2016.06.15.01
Domain Database: 2016.06.15.04
License: Premium
Malware Protection: 4 (The service is running.)
  17. Fully Updated only meant all MS updates for XP Home have been installed. Still having the same issue after clean removal and fresh install. Req
  18. Since I posted this I noticed I am also having a similar issue with MBAM. Let me work on that issue first and then if the solution to MBAM does not correct MBAR I'll return to this forum.
  19. System is XP Home fully updated. I've been running the Premium edition of MBAM for years. Today I started a Threat Scan and MBAM stayed on Pre-Scan Operations for over 20 minutes. Tried to cancel the scan but pressing the cancel button had no effect. Restarted computer and repeated threat scan with same result...hung at Pre-Scan Operation. Restarted computer and removed and then reinstalled MBAM but still having same issue. What next?
  20. System is Up-to-date XP Home. I started MBAR, hit the update button and it updated OK. Then when I hit the scan button I saw: Initializing. Done! And that's where it's been for the last few hours. Each press of the cancel button produces another "Scan Interrupted". Trying to X out of the window produces a window message: "Scan is in progress...". Task Manager is unable to end the process. Uninstall and reinstall?
  21. Since Locky seems to be delivered by a MS Office Word macro, does the free trial MBAE protect against it? Or is it time to upgrade to MBAE premium? Or does either prevent it yet?
  22. Since Locky seems to be delivered by a MS Office Word macro, does the free trial MBAE protect against it? Or is it time to upgrade to MBAE premium? Or does either prevent it yet?