Malicious Website Protection Disabled, will not enable

tonitunes · October 4, 2014

I have searched over the forums and I seem to have a rather common problem. My Malicious Website Protection is disabled and I cannot emable it. When I try to tick it, it just automatically reverts back to unchosen.

I have already done the complete uninstall and a clean reinstall.

I have already completely disabled bittorrent.

I have already delted anything and everything I could find on this pc associated with the torrents.

Everything should be in order... I stress the should be. Something is up or it would be working right now.

I have the FRST.txt and the Addition.txt, however when I run mbam check the box only flashes up on my screen for a moment before going away, and then there is NO text file on my desk top next to it as it states there should be. Obviously there is a problem there or I am doing something wrong. I hope you can help me.

Here are those files:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Tonya (administrator) on TONYAOFFICE-PC on 04-10-2014 05:25:28
Running from C:\Users\Tonya\Downloads
Loaded Profiles: Tonya & DefaultAppPool (Available profiles: Tonya & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: "https://www.flickr.com/", "hxxp://websearch.allsearches.info/?pid=2145&r=2014/10/01&hid=4125184311013352569&lg=EN&cc=US&unqvl=64"
CHR DefaultSearchKeyword: Default -> 56E6DEDC8E06C89B9B11CB4C72B09EE9E0F1EDE6DF15EAC2AAEFE2DB5840FDDA
CHR DefaultSearchProvider: Default -> 94E34697AE85887A2C21285C2E0A1CC055813A79CD9E73F21CC1C384A55DBE14
CHR DefaultSearchURL: Default -> 94651089D4C4B97AFD956DB7DC8534DA9660A8B04CDDEC061726FE964AA0DF2D
CHR Profile: C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Facebook Activity Remover) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhdaapekomkhcdfkeogcmhimmmkgkpb [2014-06-10]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-08-26]
CHR Extension: (GooSaVVe) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgimkdhnfccpjpdiokdhcigcelkmbdmd [2014-10-01]
CHR Extension: (AdBlock) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-04]
CHR Extension: (Smart Coupon) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomkpheldlbkkfiifcbfifipaofnmnkn [2014-10-01]
CHR Extension: (Ant.com Antmarks Extension) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgcophbdfpadgldcknohpaebpalmelep [2014-01-18]
CHR Extension: (Google Wallet) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (GooSaVVe) - C:\Users\Tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgimkdhnfccpjpdiokdhcigcelkmbdmd\2.0 [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-13] (Adobe Systems) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-03-27] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-09-26] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-09-26] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-05-17] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-19] (RealNetworks, Inc.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-04-03] (Emsisoft GmbH)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2c64.sys [15408 2010-05-17] (BIOSTAR Group)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-04-03] (Emsisoft GmbH)
S3 DxkgFilter; C:\Program Files (x86)\iDisplay\idisplay.sys [55720 2012-08-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-09-26] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-09-26] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 TBPanel; No ImagePath
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 05:25 - 2014-10-04 05:25 - 02109440 _____ (Farbar) C:\Users\Tonya\Downloads\FRST64.exe
2014-10-04 05:25 - 2014-10-04 05:25 - 00023367 _____ () C:\Users\Tonya\Downloads\FRST.txt
2014-10-04 05:25 - 2014-10-04 05:25 - 00000000 ____D () C:\FRST
2014-10-04 05:24 - 2014-10-04 05:24 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Tonya\Downloads\mbam-check-2.1.1.1001.exe
2014-10-04 05:20 - 2014-10-04 05:21 - 19831184 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Downloads\mbam-setup-consumer-2.0.3.1024.exe
2014-10-04 05:15 - 2014-10-04 05:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 05:15 - 2014-10-04 05:21 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 05:15 - 2014-10-04 05:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 05:14 - 2014-10-04 05:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-04 05:14 - 2014-10-04 05:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-04 05:14 - 2014-09-26 17:18 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-04 05:14 - 2014-09-26 17:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-04 05:14 - 2014-09-26 17:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-04 05:08 - 2014-10-04 05:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tonya\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-04 05:08 - 2014-10-04 05:08 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tonya\Downloads\mbam-clean-2.1.1.1001.exe
2014-10-03 12:38 - 2014-10-03 12:38 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Lavasoft
2014-10-03 12:10 - 2014-10-03 12:10 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\LavasoftStatistics
2014-10-03 12:10 - 2014-10-03 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-03 12:06 - 2014-10-03 12:06 - 00000000 ____D () C:\Program Files\Lavasoft
2014-10-03 12:02 - 2014-10-03 12:02 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-03 11:59 - 2014-10-03 11:59 - 02806920 _____ () C:\Users\Tonya\Downloads\Adaware_Installer.exe
2014-10-03 11:47 - 2014-10-03 11:47 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-03 11:47 - 2014-10-03 11:47 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 11:58 - 2014-10-04 05:11 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-01 11:58 - 2014-10-04 05:11 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-10-01 11:58 - 2014-10-02 01:04 - 00000000 ____D () C:\Windows\AutoKMS
2014-10-01 11:54 - 2014-10-01 11:58 - 00000000 ____D () C:\Users\Tonya\Downloads\Office 2010 Toolkit and EZ-Activator v2.2.3
2014-10-01 11:51 - 2014-10-03 11:22 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-01 11:50 - 2014-10-03 14:39 - 00000000 ____D () C:\ProgramData\YooUtuabeeAdBlOccKee
2014-10-01 11:50 - 2014-10-03 11:18 - 00000000 ____D () C:\Program Files (x86)\YooUtuabeeAdBlOccKee
2014-10-01 11:49 - 2014-10-01 11:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-01 11:49 - 2014-10-01 11:49 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Torch
2014-10-01 11:49 - 2014-10-01 11:49 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Chromatic Browser
2014-10-01 11:49 - 2014-10-01 11:49 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-01 11:49 - 2014-10-01 11:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-01 11:49 - 2014-10-01 11:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-01 00:01 - 2014-10-01 17:50 - 00000000 ____D () C:\Program Files\Wondershare
2014-10-01 00:00 - 2014-10-01 00:01 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-09-30 21:51 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:51 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-27 01:28 - 2014-09-27 01:28 - 00000000 ____D () C:\Users\Tonya\Documents\Outlook Files
2014-09-23 18:18 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:18 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 23:33 - 2014-10-04 05:10 - 00002642 _____ () C:\Windows\setupact.log
2014-09-22 23:33 - 2014-09-22 23:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 23:32 - 2014-10-04 05:10 - 00047750 _____ () C:\Windows\PFRO.log
2014-09-19 06:42 - 2014-09-19 06:45 - 00000000 ____D () C:\Users\Tonya\Documents\Dartagnan
2014-09-18 14:52 - 2014-09-20 01:56 - 00000000 ___RD () C:\Users\Tonya\Desktop\Tonitunes
2014-09-15 19:03 - 2014-09-20 01:58 - 00000000 ____D () C:\Users\Tonya\Documents\Patterns
2014-09-11 03:09 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:09 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:09 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:09 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:09 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:09 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:09 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:09 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:09 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:09 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:09 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:09 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:09 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:09 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:09 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:09 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:09 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:09 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:09 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:09 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:09 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:09 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:09 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:09 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:09 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:09 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:09 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:09 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:09 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:09 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:09 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:09 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:09 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:09 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:09 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:09 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:09 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:09 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:09 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:09 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:09 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:09 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:09 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:09 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:09 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:09 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:09 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:09 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:09 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:09 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:09 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:09 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:09 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:09 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:09 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:09 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:01 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:01 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 02:59 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 02:59 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 02:59 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 02:59 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 02:59 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 02:59 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 02:59 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 02:59 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 02:59 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 02:59 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 02:59 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 10:21 - 2014-09-10 10:21 - 00000000 ____D () C:\Users\Tonya\Documents\Wallpaper
2014-09-10 04:37 - 2014-09-10 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 04:37 - 2014-09-10 04:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 04:37 - 2014-09-10 04:37 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 04:37 - 2014-09-10 04:37 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 04:37 - 2014-09-10 04:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 16:10 - 2014-09-08 16:10 - 00000000 __SHD () C:\Users\Tonya\AppData\Local\EmieUserList
2014-09-08 16:10 - 2014-09-08 16:10 - 00000000 __SHD () C:\Users\Tonya\AppData\Local\EmieSiteList
2014-09-04 16:10 - 2014-10-03 16:55 - 00000000 ___RD () C:\Users\Tonya\Desktop\Flea Market

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 05:22 - 2012-07-13 22:15 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 05:16 - 2009-07-13 23:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 05:16 - 2009-07-13 23:45 - 00029616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 05:14 - 2012-10-23 02:25 - 01987167 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 05:11 - 2014-08-31 01:21 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3706992271-1856108655-2962082462-1001
2014-10-04 05:10 - 2014-08-19 18:32 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3706992271-1856108655-2962082462-1001
2014-10-04 05:10 - 2012-07-13 22:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 05:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 04:51 - 2011-09-18 04:52 - 00000000 ___RD () C:\Users\Tonya\Desktop\Temp
2014-10-04 04:26 - 2014-06-10 22:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 04:22 - 2014-04-04 19:37 - 00000000 ____D () C:\Users\Tonya\Documents\Adobe CS6 AMTLIB 32 and 64-bit Fix
2014-10-04 03:54 - 2013-06-20 19:50 - 00000132 _____ () C:\Users\Tonya\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-03 20:48 - 2013-12-10 20:06 - 00000000 ____D () C:\Users\Tonya\Documents\Photoshop Fix
2014-10-03 20:48 - 2011-09-18 16:28 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\BitTorrent
2014-10-03 20:42 - 2011-09-22 14:32 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Corel
2014-10-03 20:42 - 2011-09-22 14:31 - 00002516 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2014-10-03 20:42 - 2011-09-22 14:31 - 00000000 ____D () C:\Users\Tonya\Documents\My PSP Files
2014-10-03 20:31 - 2014-07-25 01:52 - 00000000 ___RD () C:\Users\Tonya\Desktop\Mystery Shopping
2014-10-03 18:48 - 2014-03-24 03:27 - 00000000 ____D () C:\Users\Tonya\AppData\Local\FirestormOS_x64
2014-10-03 16:37 - 2014-08-13 12:45 - 00000000 ___RD () C:\Users\Tonya\Desktop\Credit Bureau Disputes
2014-10-03 15:08 - 2012-02-09 22:40 - 00132608 ___SH () C:\Users\Tonya\Documents\Thumbs.db
2014-10-03 14:39 - 2014-08-19 15:27 - 00000000 ____D () C:\Users\Tonya\Downloads\Filter Forge 4.008 Adobe Photoshop Plug-in
2014-10-03 12:49 - 2011-10-08 09:28 - 00000000 ____D () C:\Users\Tonya\AppData\Local\CutePDF Writer
2014-10-03 12:00 - 2012-02-12 14:43 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-02 22:38 - 2014-07-25 21:29 - 00000000 ___RD () C:\Users\Tonya\Desktop\Photos
2014-10-02 22:38 - 2013-12-22 22:59 - 00000000 ____D () C:\Users\Tonya\Documents\Paul & Lisa
2014-10-02 20:32 - 2013-01-03 20:23 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\vlc
2014-10-01 17:50 - 2014-07-31 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-10-01 14:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-01 11:50 - 2014-01-18 01:58 - 00000000 ____D () C:\ProgramData\703b461610e17dc5
2014-10-01 11:49 - 2012-07-13 22:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-01 11:49 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-01 11:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-01 00:01 - 2014-07-31 20:35 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp
2014-10-01 00:01 - 2014-07-31 20:35 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-09-30 15:34 - 2014-07-27 11:00 - 00000000 ___RD () C:\Users\Tonya\Desktop\Movies
2014-09-30 10:01 - 2009-07-14 00:13 - 00822710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 13:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-22 01:42 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 01:03 - 2014-04-05 22:13 - 00000000 ____D () C:\Users\Tonya\AppData\Local\CrashDumps
2014-09-21 19:21 - 2013-07-15 17:07 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Darkstorm
2014-09-21 19:12 - 2012-07-17 06:41 - 00000132 _____ () C:\Users\Tonya\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-09-21 13:55 - 2011-09-25 03:16 - 00000000 ___RD () C:\Users\Tonya\Desktop\Second Life
2014-09-17 19:20 - 2013-07-28 11:04 - 00000000 ___RD () C:\Users\Tonya\Desktop\Crap I'm Selling
2014-09-17 18:59 - 2012-05-02 13:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-17 13:52 - 2011-09-22 18:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 20:27 - 2014-07-29 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 19:03 - 2014-04-21 16:10 - 00000000 ____D () C:\Users\Tonya\Documents\Images
2014-09-14 14:54 - 2014-05-30 07:10 - 00000000 ____D () C:\Users\Tonya\Documents\WTF
2014-09-14 05:17 - 2013-04-27 20:15 - 00003584 ___SH () C:\Users\Tonya\Thumbs.db
2014-09-11 03:08 - 2011-09-22 03:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:07 - 2011-09-17 20:54 - 00814832 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:06 - 2013-07-15 23:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:06 - 2012-05-01 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 03:06 - 2011-09-17 20:54 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 03:06 - 2011-09-17 20:54 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-11 03:06 - 2011-09-17 20:54 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 03:01 - 2011-09-20 15:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 03:00 - 2014-05-06 18:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 04:37 - 2012-09-25 16:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-09 21:27 - 2014-06-10 22:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 21:27 - 2014-06-10 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 21:27 - 2014-06-10 22:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 02:53 - 2013-02-10 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-09 02:53 - 2013-02-10 17:30 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Real
2014-09-09 02:52 - 2011-11-04 14:28 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Google
2014-09-09 02:51 - 2011-10-14 21:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-09 02:50 - 2011-10-14 21:40 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Apple Computer
2014-09-09 02:49 - 2013-08-27 06:04 - 00000000 ____D () C:\Users\Tonya\AppData\Roaming\Dropbox
2014-09-09 02:48 - 2011-10-13 15:36 - 00000000 ____D () C:\Program Files (x86)\Blender Foundation
2014-09-09 02:45 - 2011-11-11 16:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-09 02:45 - 2011-11-11 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-09 02:45 - 2011-11-11 16:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-08 18:20 - 2011-10-14 21:40 - 00000000 ____D () C:\Users\Tonya\AppData\Local\Apple Computer

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 00:46

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
Ran by Tonya at 2014-10-04 05:25:55
Running from C:\Users\Tonya\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alien Skin Eye Candy 6 (HKLM\...\Alien Skin Eye Candy 6) (Version: - Alien Skin Software)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34026 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version: - ) <==== ATTENTION
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version: - Microsoft)
Filter Forge 4.008 (HKLM-x32\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42398 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{5b0b9787-398d-46f9-ab2c-4f0ad6671f84}) (Version: 4.6.42398 - Phoenix Firestorm Project Inc)
FocalBlade 1.07 64-bit (HKLM\...\FocalBlade 1.07 64-bit_is1) (Version: - The Plugin Site)
FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iDisplay 2.4.2 (HKLM-x32\...\iDisplay_is1) (Version: 2.4.2.16 - SHAPE)
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version: - )
Imagenomic Noiseware 5.0 Plug-in (build 5006) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - )
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1024 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Neat Image v7.0 Pro plug-in for Photoshop (64-bit) (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version: - Neat Image team, ABSoft)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SeaMonkey 2.26.1 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.26.1 (x86 en-US)) (Version: 2.26.1 - Mozilla)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz ReMask 3 (64-bit) (Version: 3.2.0 - Topaz Labs) Hidden
Ultimate Codec Packages (HKCU\...\Ultimate Codec Packages) (Version: - ) <==== ATTENTION
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3706992271-1856108655-2962082462-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)

==================== Restore Points =========================

30-09-2014 17:54:49 Windows Update
01-10-2014 04:51:35 Windows Update
03-10-2014 17:00:03 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B01FB0-B783-437D-9807-D247D012D538} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {100357E2-28F9-419C-AF32-4B759496AD1C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3706992271-1856108655-2962082462-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1E1025F8-6AE0-4124-A691-6528A23151A2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3706992271-1856108655-2962082462-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {1F45A412-441D-460A-AD8A-2585A91FC8B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {288E5AAE-96A4-4015-BD52-ABA15B3D928B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-01] ()
Task: {29015432-28CE-4C92-BCB4-B30006A9651A} - \DSite No Task File <==== ATTENTION
Task: {2C652933-AAB1-478C-B689-70E589A677AB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3706992271-1856108655-2962082462-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {2F3AFED8-1812-4735-99C0-E70EB18DA702} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3EB577D9-76B4-4994-A4E9-1A17DFEC0650} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4EF19C1A-C55A-4B8F-8766-15A603BF76D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {4FB3CEE1-88FC-47D4-A183-CC143867442C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3706992271-1856108655-2962082462-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {645C013B-8F0B-40AF-9588-6911B1FAD817} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {73F97963-5FDB-4E8A-AC24-F06259576563} - \DigitalSite No Task File <==== ATTENTION
Task: {8F660233-D1CF-4E1A-987B-6D37589197CC} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A1C4BCA0-12F0-4988-9E5F-91E5518CA5F4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3706992271-1856108655-2962082462-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {DDFC8727-FA56-49D1-8EFD-7E0171CFA228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EC6444DD-72BC-4FC7-9527-6FED1CCA39D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-11 01:54 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-08 09:24 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-13 22:36 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-04-13 22:36 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
2014-05-19 14:40 - 2014-05-19 14:40 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-29 16:12 - 2014-09-16 20:26 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91729958.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91729958.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tonya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3706992271-1856108655-2962082462-500 - Administrator - Disabled)
Guest (S-1-5-21-3706992271-1856108655-2962082462-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3706992271-1856108655-2962082462-1004 - Limited - Enabled)
Tonya (S-1-5-21-3706992271-1856108655-2962082462-1001 - Administrator - Enabled) => C:\Users\Tonya

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 04:56:35 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (10/04/2014 00:19:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2014 02:35:13 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2014 04:59:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2014 01:03:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(8c:29:37:14:bf:39@fe80::8e29:37ff:fe14:bf39._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(8c:29:37:14:bf:39@fe80::8e29:37ff:fe14:bf39._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(60:69:44:0e:cc:5c@fe80::6269:44ff:fe0e:cc5c._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(b0:9f:ba:70:53:49@fe80::b29f:baff:fe70:5349._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

System errors:
=============
Error: (10/04/2014 05:23:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:23:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:23:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:23:10 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:22:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:22:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:22:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:22:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:22:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (10/04/2014 05:22:47 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (10/04/2014 04:56:35 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (10/04/2014 00:19:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (10/03/2014 02:35:13 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (10/02/2014 04:59:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (10/02/2014 01:03:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(8c:29:37:14:bf:39@fe80::8e29:37ff:fe14:bf39._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(8c:29:37:14:bf:39@fe80::8e29:37ff:fe14:bf39._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(60:69:44:0e:cc:5c@fe80::6269:44ff:fe0e:cc5c._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:26:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(b0:9f:ba:70:53:49@fe80::b29f:baff:fe70:5349._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/01/2014 11:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

CodeIntegrity Errors:
===================================
Date: 2013-02-24 18:42:33.997
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-24 18:42:33.955
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-24 18:42:24.421
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-24 18:42:24.399
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-24 18:42:21.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-24 18:42:21.948
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 29%
Total physical RAM: 8174.66 MB
Available physical RAM: 5736.41 MB
Total Pagefile: 16347.49 MB
Available Pagefile: 13560.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:819.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B1D98CFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

tonitunes · October 4, 2014

My appologies for not doing this on my first post.

I uninstalled Ad-Aware, a free program I was running, and then attempted to run the mbam check as administrator again, this time it worked. Below you will find the log:

CheckResults.txt

mbam-check result log version:     2.1.1.1001
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0
Malwarebytes Anti-Malware:         2.0.3.1024
Installed On:                      2014/10/04
Malware Database:                  2014.10.04.07
Rootkit Database:                  2014.09.19.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Premium
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/10/04 05:36:56
Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
   C:\Users\Tonya\AppData\Roaming\BitTorrent\eyecandy\eyecandy4000\Eye Candy 4000.exeREG_SZ       WINXPSP2
   C:\Windows\unvise32.exe       REG_SZ       WINXPSP2
   C:\Program Files (x86)\Safari\Safari.exeREG_SZ       DISABLEUSERCALLBACKEXCEPTION
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
   C:\Program Files (x86)\Wondershare\Dr.Fone for iOS\iphoneRecovery_DrFoneForiOS.exeREG_SZ       RUNASADMIN
   C:\Program Files\Wondershare\Wondershare Dr.Fone for iOS\iphoneRecovery_DrFoneForiOS.exeREG_SZ       RUNASADMIN
   C:\Program Files\Wondershare\Wondershare Dr.Fone for iOS\UnInstall.exeREG_SZ       RUNASADMIN

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES   FileVersion: 0.1.15.0   MD5: [e41b300b8d1a82a85794af741f5b58a5]
C:\Windows\system32\drivers\mwac.sys
File Size: 63704     BYTES   FileVersion: 1.0.6.0   MD5: [ce95c123b5d61ebbb17cb606cc8451d4]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 129752    BYTES   FileVersion: 0.2.13.0   MD5: [26c43960c99ee861a5d0edc4dcf3b1c3]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 93400     BYTES   FileVersion: 1.1.4.0   MD5: [b3d3321a0fc00e13c58d178dace4449c]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1075
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

Required Dependencies:
======================

--------------BFE:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: BFE
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
   AttachWhenLoaded              REG_DWORD       1
   DisplayName                   REG_SZ       @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
   Group                         REG_SZ       FSFilter Infrastructure
   ImagePath                     REG_EXPAND_SZ   system32\drivers\fltmgr.sys
   Description                   REG_SZ       @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
   ErrorControl                  REG_DWORD       3
   Start                         REG_DWORD       0
   Tag                           REG_DWORD       1
   Type                          REG_DWORD       2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
   0                             REG_SZ       Root\LEGACY_FLTMGR\0000
   Count                         REG_DWORD       1
   NextInstance                  REG_DWORD       1

C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES   FileVersion: 6.1.7601.17514   MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1081616   BYTES   FileVersion: 6.1.97.82   MD5: [ecc7d7f0d3446de36045d1d9e964fafe]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES   FileVersion: 6.1.7601.17514   MD5: [703ffd301ab900b047337c5d40fd6f96]

MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              0
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          false
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       7000
ScanHistory:
    Duration_Driver:                                           0
    Duration_Filesystem:                                       1000
    Duration_Heuristics:                                       8000
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          13000
    Duration_Registry:                                         22000
    Duration_Sector:                                           0
    Duration_Startup:                                          11000
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      51014
    ItemCount_Heuristics:                                      108509
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        577
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         1065
    LastScanDateEpoch:                                         1412417826992
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2014-10-04T10:22:34
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    7
    ProxyPassword:
    ProxyPort:                                                 0
    ProxyServer:
    ProxyUsername:
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
--------------Account:--------------
Account Status:                                              Premium
Expiration Time:                                             2034/10/04 05:16:58
Activation Time:                                             2014/10/04 05:16:58
Trial Used:                                                  false
--------------Access Policies:--------------

Scheduler Queue:
================

tasks:
    61f06d80-480b-43b8-a48d-2e8a5fa86dab:
      parameters:
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:
          ExitWhenNoMalwareDetected:                           false
          ExportLog:                                           true
          FileSystemOption:                                    true
          RebootSystemWhenMalwareDetected:                     false
          RemoveMalwareAutomaticallyWhenScanEnds:              false
          ScanArchives:                                        true
          ScanExtra:                                           true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             2
          ScanPUP:                                             2
          ScanRegistry:                                        true
          ScanRootkits:                                        false
          ScanStartup:                                         true
          ScanTargets:
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true
          TerminateExplorerWhenMalwareIsRemoved:               false
        StartTaskFromSystemAccount:                            false
        TaskType:                                              0
      triggers:
        11ecba15-f993-405e-b530-64e3f533e71b:
          dateinterval:                                        1:0:0
          lastscheduled:
          lasttriggered:
          nextscheduled:                                       Sun, 05 Oct 2014 02:28:45 -0500
          recovery:                                            23:00:00
          start:                                               Sun, 05 Oct 2014 02:20:09 -0500
          timeinterval:                                        00:00:00
          type:                                                4
          uuid:                                                11ecba15-f993-405e-b530-64e3f533e71b
      type:                                                    scan
      uuid:                                                    61f06d80-480b-43b8-a48d-2e8a5fa86dab
    9e482074-7d53-4c8c-9803-d8712ed9d0ae:
      parameters:
        NotifyWhenUpdateCompletes:                             true
        TaskType:                                              3
      triggers:
        faacde4b-4bd3-4f22-ae08-8fc9fac6ac0b:
          dateinterval:                                        0:0:0
          lastscheduled:
          lasttriggered:
          nextscheduled:                                       Sat, 04 Oct 2014 05:39:08.983993 -0500
          recovery:                                            00:00:00
          start:                                               Sat, 04 Oct 2014 05:33:14.983993 -0500
          timeinterval:                                        01:00:00
          type:                                                3
          uuid:                                                faacde4b-4bd3-4f22-ae08-8fc9fac6ac0b
      type:                                                    update
      uuid:                                                    9e482074-7d53-4c8c-9803-d8712ed9d0ae

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
   PendingFileRenameOperations   REG_MULTI_SZ   \??\C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll.old

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
   Type                          REG_DWORD       2
   Start                         REG_DWORD       3
   ErrorControl                  REG_DWORD       1
   ImagePath                     REG_EXPAND_SZ   \??\C:\Windows\system32\drivers\mbam.sys
   Group                         REG_SZ       FSFilter Anti-Virus
   DependOnService               REG_MULTI_SZ   FltMgr

   WOW64                         REG_DWORD       1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
   DefaultInstance               REG_SZ       MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
   Altitude                      REG_SZ       328800
   Flags                         REG_DWORD       0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
   PassThruFile                  REG_SZ       mbampt.exe
   ProductPath                   REG_SZ       C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
   0                             REG_SZ       Root\LEGACY_MBAMPROTECTOR\0000
   Count                         REG_DWORD       1
   NextInstance                  REG_DWORD       1

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
   Type                          REG_DWORD       16
   Start                         REG_DWORD       2
   ErrorControl                  REG_DWORD       1
   ImagePath                     REG_EXPAND_SZ   "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
   DependOnService               REG_MULTI_SZ   MBAMProtector

   WOW64                         REG_DWORD       1
   ObjectName                    REG_SZ       LocalSystem
   Description                   REG_SZ       Malwarebytes Anti-Malware service
   DelayedAutostart              REG_DWORD       0

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
   Type                          REG_DWORD       16
   Start                         REG_DWORD       2
   ErrorControl                  REG_DWORD       1
   ImagePath                     REG_EXPAND_SZ   "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
   WOW64                         REG_DWORD       1
   ObjectName                    REG_SZ       LocalSystem
   Description                   REG_SZ       Malwarebytes Anti-Malware scheduler

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Auto Config URL:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
   AutoConfigURL   REG_SZ       http://proxy.kodak.com:81/proxy.pac

LAN Settings:
=============

'Automatically detect settings' and 'Use automatic configuration script' are selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
   SystemPartition   REG_SZ       \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
       h:mm:ss tt
       AM
       PM
       :

Currently:
REG_SZ       h:mm:ss tt
REG_SZ       AM
REG_SZ       PM
REG_SZ       :

Language and Regional Settings:
===============================

ACP:    Language is English (United States)
MACCP:    Language is English (United States)
OEMCP:    Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.

Context Menu Entries:
=====================

List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                     File Size: 920888    BYTES   FileVersion: 9.20.0.0       MD5: [1f43819dafb1cc1a7ec801fa9f3e1a82]
changes.txt                                File Size: 3104      BYTES   FileVersion: N/A            MD5: [19d7146fc559ff9bebe82ebe05498ca0]
license.rtf                                File Size: 39478     BYTES   FileVersion: N/A            MD5: [8627b31943a534aad30d154c2b2c1aaf]
master.conf                                File Size: 1258      BYTES   FileVersion: N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                   File Size: 579896    BYTES   FileVersion: 1.0.16.0       MD5: [d01dc119aec3a40ef1a68030bf25e7a1]
mbam.exe                                   File Size: 7227704   BYTES   FileVersion: 1.0.1.706      MD5: [03a7ba383abdd43fc939248cdd4a788d]
mbamcore.dll                               File Size: 1829176   BYTES   FileVersion: 1.1.20.0       MD5: [5847fd5d1c10b33afefc6831a4a8dc8b]
mbamdor.exe                                File Size: 54072     BYTES   FileVersion: 1.0.1.0        MD5: [574fcf102b07844cdfb09876f53325ae]
mbamext.dll                                File Size: 310584    BYTES   FileVersion: 3.0.6.0        MD5: [67c7a1e52a5aecb9a42fa9e14bb11075]
mbamext.dll.old                            File Size: 184632    BYTES   FileVersion: 3.0.4.0        MD5: [945bb364b09f3a8e998dbff02a0a5a58]
mbampt.exe                                 File Size: 39736     BYTES   FileVersion: 1.0.0.0        MD5: [73de86ea61c82893feb77c4487e4250e]
mbamscheduler.exe                          File Size: 1871160   BYTES   FileVersion: 3.1.1.0        MD5: [a98e5ab8ea5e09eb7c40ee5af56b7064]
mbamservice.exe                            File Size: 968504    BYTES   FileVersion: 3.0.8.0        MD5: [1e333a7474a9c4ba9e2e5432ea934414]
mbamsrv.dll                                File Size: 4463928   BYTES   FileVersion: 1.2.0.0        MD5: [879fc9260296583490edb294d647965d]
msvcp100.dll                               File Size: 421688    BYTES   FileVersion: 10.0.40219.325 MD5: [28d1fad8c2193046c1b92704d39185fd]
msvcr100.dll                               File Size: 774456    BYTES   FileVersion: 10.0.40219.325 MD5: [0ac5e820315989e80bb37e619e0b15ad]
QtCore4.dll                                File Size: 2732856   BYTES   FileVersion: 4.8.4.0        MD5: [6f6124b7711dc922d9e674a79ea1203f]
QtGui4.dll                                 File Size: 8575288   BYTES   FileVersion: 4.8.4.0        MD5: [156c2813e497f2d8652f03b0bc7e8458]
QtNetwork4.dll                             File Size: 909112    BYTES   FileVersion: 4.8.4.0        MD5: [5e6baa70f1009ea0255d8b3477b1c9d6]
unins000.dat                               File Size: 48442     BYTES   FileVersion: N/A            MD5: [cacec992fb9f70a8111bab8c5c51e23a]
unins000.exe                               File Size: 718037    BYTES   FileVersion: 51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\accessible
qtaccessiblewidgets4.dll                   File Size: 198968    BYTES   FileVersion: 4.8.4.0        MD5: [7587ebc9e7e694e1037451541e2b8eac]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                              File Size: 235882    BYTES   FileVersion: N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                                File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
firefox.exe                                File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
firefox.pif                                File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
firefox.scr                                File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
iexplore.exe                               File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
mbam-chameleon.com                         File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
mbam-chameleon.exe                         File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
mbam-chameleon.pif                         File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
mbam-chameleon.scr                         File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
mbam-killer.exe                            File Size: 1188664   BYTES   FileVersion: 3.0.2.0        MD5: [ae41d0c283d60969456a28de3aea29f7]
rundll32.exe                               File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
svchost.exe                                File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
windows.exe                                File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]
winlogon.exe                               File Size: 761656    BYTES   FileVersion: 3.1.7.0        MD5: [dd14c17801fd9d87340df54755baab5e]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif4.dll                                  File Size: 32568     BYTES   FileVersion: 4.8.4.0        MD5: [12c9169e1d6ff650e614aea6e7d8b114]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm                                 File Size: 139423    BYTES   FileVersion: N/A            MD5: [9771d098e918204a99fa0068f431e6ba]
lang_bg.qm                                 File Size: 147865    BYTES   FileVersion: N/A            MD5: [d250b37179f313e58267f7946e0522d4]
lang_bs.qm                                 File Size: 145523    BYTES   FileVersion: N/A            MD5: [6ab7a6274d4f9f7553c944f5c66201ba]
lang_ca.qm                                 File Size: 149256    BYTES   FileVersion: N/A            MD5: [0cc2735ee2f231ea5d964c323ca73e08]
lang_cs.qm                                 File Size: 142601    BYTES   FileVersion: N/A            MD5: [8426f7126d2851a1e6ca1f1f7e45d2ec]
lang_da.qm                                 File Size: 143131    BYTES   FileVersion: N/A            MD5: [6fe13d4a5a44a3390bf9940404eeb6c7]
lang_de.qm                                 File Size: 151959    BYTES   FileVersion: N/A            MD5: [9517c7c9865b5641c5c250c84b51a6d1]
lang_el.qm                                 File Size: 152327    BYTES   FileVersion: N/A            MD5: [4cd483236d99cf40e9d8cf534bac05e7]
lang_en.qm                                 File Size: 137689    BYTES   FileVersion: N/A            MD5: [d34a8afc30bb472c443f7f088513ff04]
lang_es.qm                                 File Size: 149211    BYTES   FileVersion: N/A            MD5: [1ee5f6535d02c94812e54e3ed65de6ac]
lang_et.qm                                 File Size: 141939    BYTES   FileVersion: N/A            MD5: [f6faee4a33654bb27dcf2f9d4cf955ef]
lang_fi.qm                                 File Size: 145730    BYTES   FileVersion: N/A            MD5: [9f4ff431ec70747591ef0e0eaf3ed2cb]
lang_fr.qm                                 File Size: 153965    BYTES   FileVersion: N/A            MD5: [8dd69dd62ee617dc3ca4f25ab2c70af8]
lang_he.qm                                 File Size: 134117    BYTES   FileVersion: N/A            MD5: [3ad149f1778e6e8f8f89ecfe67a1e62e]
lang_hr.qm                                 File Size: 139841    BYTES   FileVersion: N/A            MD5: [3e3737fe86eb595c5f6817eebf731aa7]
lang_hu.qm                                 File Size: 147806    BYTES   FileVersion: N/A            MD5: [7c3ae4dde80fa8759968b218a03a7a73]
lang_id.qm                                 File Size: 145710    BYTES   FileVersion: N/A            MD5: [c2a0325d9dfb5c5fce7a4832837896e7]
lang_it.qm                                 File Size: 148249    BYTES   FileVersion: N/A            MD5: [4766a519a653d8e6f6ad32094a2a059b]
lang_ja.qm                                 File Size: 122782    BYTES   FileVersion: N/A            MD5: [339134f906b770b833653682264bdc23]
lang_ko.qm                                 File Size: 119240    BYTES   FileVersion: N/A            MD5: [5042df441910dfe9f6a55d3c005b00c7]
lang_lt.qm                                 File Size: 146950    BYTES   FileVersion: N/A            MD5: [5c0fca31ff0a6d2b3f6d1722940a2dc6]
lang_lv.qm                                 File Size: 146072    BYTES   FileVersion: N/A            MD5: [8623ed6977cd81c0d520f5fd84788d93]
lang_nl.qm                                 File Size: 147725    BYTES   FileVersion: N/A            MD5: [1b391d5599be4724018624a27014eb75]
lang_no.qm                                 File Size: 144153    BYTES   FileVersion: N/A            MD5: [2d53348f8e74f26f065e0c83e8fff7fe]
lang_pl.qm                                 File Size: 147483    BYTES   FileVersion: N/A            MD5: [ce39bae20f8a2b42f93f2f5a5c6dd63e]
lang_pt_BR.qm                              File Size: 146906    BYTES   FileVersion: N/A            MD5: [b337c75fa23ba36176719d54c0269560]
lang_pt_PT.qm                              File Size: 144956    BYTES   FileVersion: N/A            MD5: [b41016907930a96a11aadb348fd9a1b6]
lang_ro.qm                                 File Size: 146821    BYTES   FileVersion: N/A            MD5: [69c447559268a873808d5ae48b425ad9]
lang_ru.qm                                 File Size: 148179    BYTES   FileVersion: N/A            MD5: [51d4d0c155de54f24b09be7040a7ff15]
lang_sk.qm                                 File Size: 144330    BYTES   FileVersion: N/A            MD5: [3a00a97315c24e6820f8939920ef14b4]
lang_sl.qm                                 File Size: 144582    BYTES   FileVersion: N/A            MD5: [47db99ccdd98936e6a38957321c71317]
lang_sr.qm                                 File Size: 143261    BYTES   FileVersion: N/A            MD5: [377d15c0da0249f4a7a58978b6307d81]
lang_sv.qm                                 File Size: 145435    BYTES   FileVersion: N/A            MD5: [a2b33c0364aad3e9d7daafdd4f286ee1]
lang_th.qm                                 File Size: 137957    BYTES   FileVersion: N/A            MD5: [6a24ece552172d805cd428853255d294]
lang_tr.qm                                 File Size: 144262    BYTES   FileVersion: N/A            MD5: [18b7fec7611c038780ee77044e523f70]
lang_vi.qm                                 File Size: 144480    BYTES   FileVersion: N/A            MD5: [708062759498e791186bbe64b7246d0c]
lang_zh_tr.qm                              File Size: 110870    BYTES   FileVersion: N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                              File Size: 821560    BYTES   FileVersion: 1.1.0.1010     MD5: [7a7578932a0ad60c82082c90acf519c7]

C:\Users\Tonya\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                                File Size: 314       BYTES   FileVersion: N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
domains.ref                                File Size: 38        BYTES   FileVersion: N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
exclusions.dat                             File Size: 0         BYTES   FileVersion: N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                    File Size: 33        BYTES   FileVersion: N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
rules.ref                                  File Size: 9734650   BYTES   FileVersion: N/A            MD5: [112e76c6675fe7a4effd62ff805dd2cb]
swissarmy.ref                              File Size: 22346     BYTES   FileVersion: N/A            MD5: [4c8434c6e21d4279920e4fefc807eaab]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                                 File Size: 4571      BYTES   FileVersion: N/A            MD5: [ce81c78cd5ec024657c4298a51691155]
database.conf                              File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                            File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                               File Size: 577       BYTES   FileVersion: N/A            MD5: [30b46ec3a1cc275fc3826c6e3340b903]
manifest.conf                              File Size: 1707      BYTES   FileVersion: N/A            MD5: [73dff2fdd66c64733bac5c21604b9a7e]
marketing.conf                             File Size: 1434      BYTES   FileVersion: N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                   File Size: 6068      BYTES   FileVersion: N/A            MD5: [ceb0e8ac6427bc24c252cd0f785dbc14]
notifications.conf                         File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                             File Size: 2049      BYTES   FileVersion: N/A            MD5: [41d13732f8cf3c4ee6e61313a717c787]
settings.conf                              File Size: 1913      BYTES   FileVersion: N/A            MD5: [a926825d743232f73910716f610e34a2]
statistics.conf                            File Size: 597       BYTES   FileVersion: N/A            MD5: [a2f6de4d2221b19df462a34a45b86c14]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                                 File Size: 4155      BYTES   FileVersion: N/A            MD5: [7fc1d134da36d1fcfa2ca6c9ab2e7c9c]
database.conf                              File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                            File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                               File Size: 23        BYTES   FileVersion: N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                              File Size: 1566      BYTES   FileVersion: N/A            MD5: [c14211fdad7b13211384b3b8b22f39be]
marketing.conf                             File Size: 1434      BYTES   FileVersion: N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                   File Size: 5344      BYTES   FileVersion: N/A            MD5: [973e9c5714cc0c56a7b9c83d876754dd]
notifications.conf                         File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                             File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                              File Size: 1725      BYTES   FileVersion: N/A            MD5: [06c52d7137dac16e1661f7cf004f2e4d]
statistics.conf                            File Size: 4         BYTES   FileVersion: N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
protection-log-2014-10-04.xml              File Size: 18011     BYTES   FileVersion: N/A            MD5: [4de8e835d666ef8e6ae73fae959d5603]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

Maurice Naggar · October 4, 2014

oops, sorry, disregard the very last post. Please stay tuned.

Edited October 4, 2014 by Maurice Naggar

Maurice Naggar · October 4, 2014

Hello,

A very important Windows service, Base Filtering Engine, is not running. That condition will put a kibosh on the security of the system.

Using Windows Explorer, go to this folder on your system C:\Program Files (x86)\Malwarebytes Anti-Malware\Plugins
You will see a Fixdamage.exe
Double click on it to start it to run.

It should run fairly quickly.

By the way, as we proceed forward, always just attach the report(s) I ask you to send.

Now make a new run of mbam-check and attach the new Checkresults.txt

Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or 8 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Attach FSS.txt into your reply.

tonitunes · October 4, 2014

Thank you for your quick reply!!!

I have done what you requested, and attached you will find the files you requested.

CheckResults.txt

FSS.txt

Maurice Naggar · October 4, 2014

That's much better. I see the Windows BFE service is on now. The FSS services report is good.

How is the program now?

By the way, congratulations on getting version 2.0.3

I would like for you to start the program.
Click on the Settings icon at the top bar up at top.
Then click the **Advanced Settings** button at the left.
Be sure all top 3 lines on that window are check-marked ( selected ).

Click the Settings icon >> then Detection and Protection
are the 2 protections on for Malware protection + Malicious website protection ?

Click whichever one is not "ON" **slowly and wait just a bit**. They typically will get going but require some patience.

Then too, sometimes after doing the above, you also need to do a Start >> Logoff >> Shutdown >> Restart.

Please let me know if you have any questions or need further assistance.

tonitunes · October 4, 2014

You are a saint!!! I love you.

After another reboot I was able to activate it and it is all working perfectly now. I have both protections running.

Thank you VERY much!!

Maurice Naggar · October 4, 2014

Awesome. I am happy to see that version 2.0.3 is doing fine.

The program will notify you when the released version is available.

For now, start the program. Click **Settings** icon on the very top bar.
Click the button marked **Update settings** on the left.
Look at the white area marked **Update Options**
Be sure that the line is selected with a check-mark for
Check for program updates when checking for database updates.

You may delete FRST64.exe and mbam-check-2.1.1.1001.exe

Thanks for choosing Malwarebytes.
I wish you all the best.

Regards,
Maurice
Product Support

Malwarebytes Corporation
Crushes malware. Restores confidence.

Malicious Website Protection Disabled, will not enable

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Important Information