Win 7 Laptop - Can't Format D, Can't Install Updates

Deanie · May 16, 2016

Hi, I have a Windows 7 Home Premium laptop (purchased in 2010, my first and only computer, so I'm not too literate), 64-bit. It came with Webroot Security installed, which I don't use. I regularly scan with Malwarebytes (Free Version). I just completed a scan and there are no objects detected. Within the past month, there have been a couple of PUP files quarantined and I have deleted them.

I've had two issues in the past week or so -- 1) Scheduled weekly back-up to DVD-RW in D: drive has failed. I tried several new disks and all formatting failed. I checked my Devices and computer indicates that drivers are working properly. 2) I successfully installed Windows updates last week, however, 18 updates from 2 days ago failed. While the computer said "Downloading Updates", the percentage remained at 0%. It didn't move. Thanks.

AdvancedSetup · May 18, 2016

Hello and :welcome:

Please read the following and post back the 3 requested logs.

Diagnostic Logs

Thank you

Ron

Deanie · May 18, 2016

Hi Ron, I didn't understand your 4th bullet under "Log Set 2", but here is my mbam-check log:

mbam-check result log version: 2.3.2.0
========================================

User Account type: Administrator
DomainComputer: No
OS: Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build: 6.1.7601
Malwarebytes Anti-Malware: 2.2.1.1043
Installed On: 2016/04/24
Malware Database: 2016.05.15.06
Rootkit Database: 2016.05.06.01
Remediation Database: 2016.05.11.01
IP Database: 2016.05.13.03
Domain Database: 2016.05.14.02
License: Free
Malware Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created: 2016/05/18 11:18:24

User Information for Local System:
===========================================
User Account: Administrator
   Account Level: Admin
User Account: Guest
   Account Level: Guest
User Account: Owner
   Account Level: Admin
Total # of user entries: 3

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD 1 Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD 5 Status: ON

AntiVirus Information:
===================
AntiVirus Software Installed: "Webroot SecureAnywhere"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed: "Webroot SecureAnywhere"
AntiSpyware Software Installed: "Windows Defender"

Machine Information
===============================================
Machine ID:   f2885a2f171ad4bf80ba8fa531b2df5aa368f489
Installation Token:   uRt5Dome2EEFxvUyhZVB
System has been up for:    14.4375 Hours
Current Date:   2016-May-18 15:19:25.166701
Date Booted:   2016-May-18 01:19:25.166701

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken): true
Scan for rootkits: true
Scan within archives: true
PUP (Potentially Unwanted Program) detections: Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections: Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeREG_SZ DISABLEUSERCALLBACKEXCEPTION
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
SIGN.MEDIA=1E0051F8 Epson.exe REG_SZ ELEVATECREATEPROCESS

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size: 27008 BYTES   FileVersion: 0.1.16.0   MD5: [78bff5425e044086e74e78650a359fbb]
C:\windows\system32\drivers\mwac.sys
File Size: 64896 BYTES   FileVersion: 1.0.6.0   MD5: [452acb7a9914398d9e18cccffcf92208]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size: 192216 BYTES   FileVersion: 0.3.0.4   MD5: [78488af2ab2111d67b3c4044707a519b]
C:\windows\system32\drivers\mbamchameleon.sys
File Size: 140672 BYTES   FileVersion: 1.1.22.0   MD5: [1239597bab7eed2bb16d035af87e65d9]

--------------MBAMProtector:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A

--------------MBAMService:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A

--------------MBAMScheduler:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A

--------------MBAMChameleon:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A

--------------MBAMWebAccessControl:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A

Required Dependencies:
======================

--------------BFE:--------------
Type: 32
State: 4 (The service is running.)
WIN32_EXIT_CODE: 0
SERVICE_EXIT_CODE: 0
CHECKPOINT: 0
WAIT_HINT: 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
   DisplayName REG_SZ       @%SystemRoot%\system32\bfe.dll,-1001
   Group REG_SZ       NetworkProvider
   ImagePath REG_EXPAND_SZ   %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
   Description REG_SZ       @%SystemRoot%\system32\bfe.dll,-1002
   ObjectName REG_SZ       NT AUTHORITY\LocalService
   ErrorControl REG_DWORD       1
   Start REG_DWORD       2
   Type REG_DWORD       32
   DependOnService REG_MULTI_SZ   RpcSs

ServiceSidType REG_DWORD 3
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
   ServiceDll REG_EXPAND_SZ   %SystemRoot%\System32\bfe.dll
   ServiceDllUnloadOnStop REG_DWORD       1
   ServiceMain REG_SZ       BfeServiceMain

--------------fltmgr:--------------
Type: 2
State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE: 0
SERVICE_EXIT_CODE: 0
CHECKPOINT: 0
WAIT_HINT: 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
   AttachWhenLoaded REG_DWORD       1
   DisplayName REG_SZ       @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
   Group REG_SZ       FSFilter Infrastructure
   ImagePath REG_EXPAND_SZ   system32\drivers\fltmgr.sys
   Description REG_SZ       @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
   ErrorControl REG_DWORD       3
   Start REG_DWORD       0
   Tag REG_DWORD       1
   Type REG_DWORD       2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
   0 REG_SZ       Root\LEGACY_FLTMGR\0000
   Count REG_DWORD       1
   NextInstance REG_DWORD       1

C:\windows\system32\drivers\fltmgr.sys
File Size: 289664 BYTES   FileVersion: 6.1.7601.17514   MD5: [da6b67270fd9db3697b20fce94950741]
C:\windows\SysWOW64\comctl32.ocx
File Size: 1351392 BYTES   FileVersion: 6.0.81.6   MD5: [2640ad05ab39321e6c9d3c71236ca0df]
C:\windows\SysWOW64\mscomctl.ocx
File Size: 1070232 BYTES   FileVersion: 6.1.98.46   MD5: [273676426739b02a45a0fc9349500b65]
C:\windows\SysWOW64\olepro32.dll
File Size: 90112 BYTES   FileVersion: 6.1.7601.17514   MD5: [703ffd301ab900b047337c5d40fd6f96]

MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
AutomaticQuarantine: true
AutostartProtection: true
LimitedMode: false
SelfProtection: false
StartSilentMode: false
StartupDelay: -15
ApplicationState:
First-Run-After-Installation: false
BusinessMessaging:
Count: 0
General:
DaysUntilNotifyExpiration: 5
Language: en
RightClickAccess: true
SilentErrors: false
Logging:
ExportLog: true
Marketing:
LastPostScanMarketingIndex: 0
Notification:
ProtectionTray:
DisplayMilliseconds: 3000
ScanHistory:
Duration_Complete: 276495
Duration_Driver: 51225
Duration_Filesystem: 7010
Duration_Heuristics: 3201942
Duration_Loading: 0
Duration_MasterBootRecord: 218
Duration_Memory: 40000
Duration_PreScan: 47348
Duration_Registry: 115104
Duration_Sector: 0
Duration_Startup: 60500
ItemCount_Complete: 237048
ItemCount_Driver: 295
ItemCount_Filesystem: 44895
ItemCount_Heuristics: 12944
ItemCount_Loading: 0
ItemCount_MasterBootRecord: 3
ItemCount_Memory: 2797
ItemCount_PreScan: 47250
ItemCount_Registry: 567
ItemCount_Sector: 0
ItemCount_Startup: 1114
LastRemovalRequiredDOR: false
LastScanDateEpoch: 1463359435938
LastScanType: 1 (Threat Scan)
QuarantineCompletedCount: 6
Update:
LastUpdate: 2016-05-16T00:43:28
NotifyInstallReady: true
NotifyOutdatedDatabase: 7
ProxyPassword:
ProxyPort: 0
ProxyServer:
ProxyUsername:
UseProxy: false
UseProxyAuthentication: false
CheckProgramUpdates: true
--------------Account:--------------
Account Status: Free
Expiration Time: 2016/05/09 02:17:11
Activation Time:
Trial Used: true
--------------Access Policies:--------------

Scheduler Queue:
================

tasks:
65814a1f-554d-4660-9f24-99abf38fe641:
parameters:
TaskType: 3
triggers:
35f32e5a-7dc1-40a8-9167-93f6825c8f84:
dateinterval: 0:0:0 (Days:Months:Years)
lastscheduled: Wed, 18 May 2016 10:33:44.628550 -0400
lasttriggered: Mon, 09 May 2016 07:39:20.629222 -0400
nextscheduled: Wed, 18 May 2016 11:33:44.628550 -0400
recovery: 00:00:00 (Hours:Minutes:Seconds)
start: Mon, 02 Jun 2014 22:33:44.628550 -0400
timeinterval: 01:00:00 (Hours:Minutes:Seconds)
type: Hourly
uuid: 35f32e5a-7dc1-40a8-9167-93f6825c8f84
type: update
uuid: 65814a1f-554d-4660-9f24-99abf38fe641
a3e0f25f-4e1a-47e4-bb46-d6e930cd67f4:
parameters:
CheckForUpdatesBeforeScanStart: true
ProcessLaunchedFromScheduler: true
ScanConfig:
ExitWhenNoMalwareDetected: false
ExportLog: true
FileSystemOption: true
RebootSystemWhenMalwareDetected: false
RemoveMalwareAutomaticallyWhenScanEnds: false
ScanArchives: true
ScanExtra: true
ScanHeuristic: true
ScanMemoryObjects: true
ScanPUM: Treat Detections as Malware
ScanPUP: Treat Detections as Malware
ScanRegistry: true
ScanRootkits: false
ScanStartup: true
ScanTargets:
ScanType: 1 (Threat Scan)
Silent: true
TerminateExplorerWhenMalwareIsRemoved: false
StartTaskFromSystemAccount: false
TaskType: 0
triggers:
c560526a-8986-4d4c-a460-36bd2f5afb9e:
dateinterval: 1:0:0 (Days:Months:Years)
lastscheduled: Wed, 18 May 2016 02:10:42 -0400
lasttriggered: Mon, 09 May 2016 06:32:50.668009 -0400
nextscheduled: Thu, 19 May 2016 02:10:42 -0400
recovery: 23:00:00 (Hours:Minutes:Seconds)
start: Tue, 03 Jun 2014 02:10:42 -0400
timeinterval: 00:00:00 (Hours:Minutes:Seconds)
type: Daily
uuid: c560526a-8986-4d4c-a460-36bd2f5afb9e
type: scan
uuid: a3e0f25f-4e1a-47e4-bb46-d6e930cd67f4

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================

MBAMService Registry Values:
============================

MBAMScheduler Registry Values:
==============================

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type: 32
State: 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE: 1077
SERVICE_EXIT_CODE: 0
CHECKPOINT: 0
WAIT_HINT: 0

TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ <local>

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
       h:mm:ss tt
       AM
       PM
       :

Currently:
REG_SZ       h:mm:ss tt
REG_SZ       AM
REG_SZ       PM
REG_SZ       :

Language and Regional Settings:
===============================

ACP:    Language is English (United States)
MACCP:    Language is English (United States)
OEMCP:    Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.

Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
   (Default): REG_SZ       MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
   (Default): REG_SZ       {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
   (Default): REG_SZ       MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
   (Default): REG_SZ       MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
   (Default): REG_SZ       {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
   (Default): REG_SZ       IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
   (Default): REG_SZ       {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
   (Default): REG_SZ       {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
   Version REG_SZ       1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
   (Default): REG_SZ       MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
   (Default): REG_SZ       C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
   ThreadingModel REG_SZ       Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
   (Default): REG_SZ       MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
   (Default): REG_SZ       {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
   (Default): REG_SZ       MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
   (Default): REG_SZ       MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
   (Default): REG_SZ       C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
   (Default): REG_SZ       0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
   (Default): REG_SZ       C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
   (Default): REG_SZ       MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
   (Default): REG_SZ       C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
   (Default): REG_SZ       0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
   (Default): REG_SZ       C:\Program Files (x86)\Malwarebytes Anti-Malware

List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll     File Size: 922080 BYTES   FileVersion: 9.20.0.0 MD5: [14079a2411fa2bb7f78bc100c92bbcc2]
changes.txt    File Size: 1596 BYTES   FileVersion: N/A MD5: [09371a0c8bd9e9554571da257d554d3e]
cloud-enumeration.dll    File Size: 287200 BYTES   FileVersion: 1.0.1.0 MD5: [84ac20b9327dbd4d94039be93384dad5]
cloud.dll    File Size: 352736 BYTES   FileVersion: 1.0.1.0 MD5: [5659790448fb136a80be407c4a0dbb50]
license.rtf    File Size: 38870 BYTES   FileVersion: N/A MD5: [ed36ea764c3a452334416713c8cf1eed]
master.conf    File Size: 1258 BYTES   FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll     File Size: 609760 BYTES   FileVersion: 1.0.40.0 MD5: [c4a51c1cb174066fdaf383c09f0d574b]
mbam.exe     File Size: 9926112 BYTES   FileVersion: 2.3.173.0 MD5: [8e98e3ec16d2641005b4748cd330fb45]
mbamcore.dll     File Size: 2127840 BYTES   FileVersion: 1.3.24.0 MD5: [63ce66ef2b30a09308eafe29baec6a75]
mbamdor.exe    File Size: 55264 BYTES   FileVersion: 1.0.2.0 MD5: [297c1bdcc26adb339d4c0f0550e434d6]
mbamext.dll    File Size: 431072 BYTES   FileVersion: 3.1.1.0 MD5: [67a6ec1735c77c2623b49cc1f284c8a0]
mbampt.exe     File Size: 40928 BYTES   FileVersion: 1.0.57.0 MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b]
mbamresearch.exe     File Size: 1949152 BYTES   FileVersion: 1.1.1.0 MD5: [e601f9ca6a72493bc8185bedda17eee8]
mbamscheduler.exe    File Size: 1514464 BYTES   FileVersion: 3.1.7.0 MD5: [9611577752e293259c7dce19e9026362]
mbamservice.exe    File Size: 1136608 BYTES   FileVersion: 3.2.21.0 MD5: [f1a89a34388b5626f1548d393b23ecb1]
mbamsrv.dll    File Size: 3863008 BYTES   FileVersion: 2.1.10.0 MD5: [a33629c51295570fe9f252a39ddcea93]
msvcp100.dll     File Size: 422880 BYTES   FileVersion: 10.0.40219.325 MD5: [53a5f1b984f585997968cd0dfb27400c]
msvcr100.dll     File Size: 775648 BYTES   FileVersion: 10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c]
Qt5Core.dll    File Size: 4646880 BYTES   FileVersion: 5.4.1.0 MD5: [91c7c50b2a290b82604163b5a679ea24]
Qt5Gui.dll     File Size: 4640224 BYTES   FileVersion: 5.4.1.0 MD5: [1d59b3e632aef8e24cc1707fd411113b]
Qt5Network.dll     File Size: 673248 BYTES   FileVersion: 5.4.1.0 MD5: [e089635a8cbed229ec30cdbe29748c08]
Qt5Widgets.dll     File Size: 4474848 BYTES   FileVersion: 5.4.1.0 MD5: [33881dda0ccc3898facadf1e4d1df237]
unins000.dat     File Size: 107288 BYTES   FileVersion: N/A MD5: [86720c0ea6f2e50bc63b1c9ea7942d57]
unins000.exe     File Size: 720085 BYTES   FileVersion: 51.52.0.0 MD5: [f1505d347325c77e3eeef418495e1f57]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm    File Size: 235882 BYTES   FileVersion: N/A MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com    File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.exe    File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.pif    File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.scr    File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
iexplore.exe     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.com     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.exe     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.pif     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.scr     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-killer.exe    File Size: 1504736 BYTES   FileVersion: 3.0.15.0 MD5: [b79d3c2fca170c4dd15d7316067a1fd3]
rundll32.exe     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
svchost.exe    File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
windows.exe    File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]
winlogon.exe     File Size: 960480 BYTES   FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [0b528e4c9bbd9efdea9bc8ac6a967d6d]
qico.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [7b36d94db81b8b0dfd9323228dd96b51]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm     File Size: 87404 BYTES   FileVersion: N/A MD5: [269d3107ca72a75fe154ce4ff718af50]
lang_bg.qm     File Size: 133911 BYTES   FileVersion: N/A MD5: [376ad1e4ad206bc32da09b12b564ecc4]
lang_ca.qm     File Size: 92634 BYTES   FileVersion: N/A MD5: [2d35f58b0c2db44ad2717f4a4526a085]
lang_cs.qm     File Size: 105193 BYTES   FileVersion: N/A MD5: [2c191de828d5e05fd7afa27ee1245023]
lang_da.qm     File Size: 88039 BYTES   FileVersion: N/A MD5: [f8a4941d5d388160d252832a77ab584f]
lang_de.qm     File Size: 139276 BYTES   FileVersion: N/A MD5: [b55f37281f0fcadfae67aecf0bf4cca5]
lang_el.qm     File Size: 126897 BYTES   FileVersion: N/A MD5: [bd671253e071bac626beea63393abcda]
lang_en.qm     File Size: 3081 BYTES   FileVersion: N/A MD5: [e2790b3cd9fdd9d3e266e9623fe477af]
lang_es.qm     File Size: 138468 BYTES   FileVersion: N/A MD5: [cc4f3aab63d933d5964e2bba62df4277]
lang_et.qm     File Size: 107794 BYTES   FileVersion: N/A MD5: [aa4845cd64b20377cea0ebc66eed4a42]
lang_fi.qm     File Size: 130793 BYTES   FileVersion: N/A MD5: [00653d1fb2f790817aef991025c176aa]
lang_fr.qm     File Size: 141996 BYTES   FileVersion: N/A MD5: [e06db8ef6b826b75ec5859913651ed44]
lang_he.qm     File Size: 98928 BYTES   FileVersion: N/A MD5: [2954e902664f2e129f8a8d8238e90552]
lang_hu.qm     File Size: 132359 BYTES   FileVersion: N/A MD5: [6bf3b8c78fd393ef2811a19742518b9a]
lang_id.qm     File Size: 129135 BYTES   FileVersion: N/A MD5: [6be058072a90897595c6f097a3caa797]
lang_it.qm     File Size: 134154 BYTES   FileVersion: N/A MD5: [183990148beec433023688db65a7bf2e]
lang_ja.qm     File Size: 73762 BYTES   FileVersion: N/A MD5: [f6bfd643cb92fa760ae6ec64344ee7e1]
lang_ko.qm     File Size: 85731 BYTES   FileVersion: N/A MD5: [53b5a94eb309d69993a5bc3cd43a85e4]
lang_lt.qm     File Size: 90799 BYTES   FileVersion: N/A MD5: [eecd8edca1fb068ad3bd88aa711bdae2]
lang_lv.qm     File Size: 90659 BYTES   FileVersion: N/A MD5: [683950904e725821740217824df440ff]
lang_nl.qm     File Size: 133514 BYTES   FileVersion: N/A MD5: [442a6cf7e07e6f676d8b5ae41637549c]
lang_no.qm     File Size: 129833 BYTES   FileVersion: N/A MD5: [8949e21e367e5a32ca9f36d8d22c9771]
lang_pl.qm     File Size: 133827 BYTES   FileVersion: N/A MD5: [48379f4ac164adfc8d448bf53c8e2df8]
lang_pt_BR.qm    File Size: 136918 BYTES   FileVersion: N/A MD5: [b1ea2002cf5362b24ca0a026f448e3f1]
lang_pt_PT.qm    File Size: 136982 BYTES   FileVersion: N/A MD5: [5e23b66cb6d8d9894b991cc8f33658af]
lang_ro.qm     File Size: 90458 BYTES   FileVersion: N/A MD5: [bcf524020255c4f7a6fdbae8df2bfe81]
lang_ru.qm     File Size: 137874 BYTES   FileVersion: N/A MD5: [5e28394fbd12f21301e2b7e1a9dbac94]
lang_sk.qm     File Size: 131080 BYTES   FileVersion: N/A MD5: [68e0e95e7131d101188a57e3a413dee5]
lang_sl.qm     File Size: 107631 BYTES   FileVersion: N/A MD5: [83755001a3f1bd527d0b4b7a77d0b37d]
lang_sv.qm     File Size: 129135 BYTES   FileVersion: N/A MD5: [b3c38242beb63f895fabcc14bbc6807a]
lang_tr.qm     File Size: 88838 BYTES   FileVersion: N/A MD5: [1e4a3c0dcd7074ad4a3971ce67762cda]
lang_vi.qm     File Size: 133386 BYTES   FileVersion: N/A MD5: [586de19c023986bf884ad56fc29c8f5e]
lang_zh_TW.qm    File Size: 87797 BYTES   FileVersion: N/A MD5: [e120a014cf077bdcbcdcbf98c3438188]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
qwindows.dll File Size: 929760 BYTES FileVersion: 5.4.1.0 MD5: [6c54d2ebeaacbe9b56816536041c8281]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe File Size: 823776 BYTES FileVersion: 1.4.0.1001 MD5: [bbfc25590af3e45d8cca1fab95648b40]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref    File Size: 7218 BYTES   FileVersion: N/A MD5: [7a4c5861ce619527e9eb4adb1666567d]
akadomains.ref     File Size: 92 BYTES   FileVersion: N/A MD5: [73d5774cbd8df165274a0691ae264808]
akaips.ref     File Size: 92 BYTES   FileVersion: N/A MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c]
domains.ref    File Size: 574925 BYTES   FileVersion: N/A MD5: [0e54269b36a7f566d21209321b3070b6]
exclusions.dat     File Size: 0 BYTES   FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref    File Size: 226273 BYTES   FileVersion: N/A MD5: [8d2cb9e8b0260b59ced0a16a5240daed]
mbam-setup.exe     File Size: 22851472 BYTES   FileVersion: 2.2.1.1043 MD5: [52f4695c53b02ada7d648f95f2e2f8b4]
rules.ref    File Size: 9134734 BYTES   FileVersion: N/A MD5: [d99c430361365f3a42871f4eecf3d9e7]
swissarmy.ref    File Size: 28224 BYTES   FileVersion: N/A MD5: [6e86f15c88c682377df80472cd22f48c]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf     File Size: 4596 BYTES   FileVersion: N/A MD5: [e4cc88f931e07d36311bff1ce1cd7f5f]
database.conf    File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf    File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf     File Size: 1609 BYTES   FileVersion: N/A MD5: [d32719d30bfcb89fb050d9a510629300]
manifest.conf    File Size: 3395 BYTES   FileVersion: N/A MD5: [4c841aa99eaf755e46b1c881efb7a0af]
marketing.conf     File Size: 7402 BYTES   FileVersion: N/A MD5: [9e9978e806ac4d4cf39ceef9f5f23be4]
net.conf     File Size: 7336 BYTES   FileVersion: N/A MD5: [eb978a47320033a76cd1d831ebfea77f]
notifications.conf     File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf     File Size: 2189 BYTES   FileVersion: N/A MD5: [e9554197f9e3df362e1a3180d292a96e]
settings.conf    File Size: 2189 BYTES   FileVersion: N/A MD5: [0eb639f2d4f9340b13bf6bec91a5ada1]
statistics.conf    File Size: 597 BYTES   FileVersion: N/A MD5: [613c5255134b4b54891bc763d3f540bb]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf     File Size: 4179 BYTES   FileVersion: N/A MD5: [20d9566b3cf94f1e395de8f40046fc68]
database.conf    File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf    File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf     File Size: 23 BYTES   FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b]
manifest.conf    File Size: 3171 BYTES   FileVersion: N/A MD5: [a6e5576f7723acab40490fb9e64dfc1c]
marketing.conf     File Size: 6974 BYTES   FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28]
net.conf     File Size: 6530 BYTES   FileVersion: N/A MD5: [9fb4acfdc11c7af48a760db4c7bfebf0]
notifications.conf     File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf     File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf    File Size: 1724 BYTES   FileVersion: N/A MD5: [e27b42126b89352fdaae8f1630b9a8d8]
statistics.conf    File Size: 4 BYTES   FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-05-18 (18-17-23).xml     File Size: 2852 BYTES   FileVersion: N/A MD5: [392a1745f3787ab5460e19a43e61835c]
mbam-log-2014-06-01 (21-30-38).xml     File Size: 2474 BYTES   FileVersion: N/A MD5: [544c49a1dcaf70cd51c143da4fd6941a]
mbam-log-2014-06-02 (22-02-39).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [96e0172cc07634c1c85dc574e88b8119]
mbam-log-2014-06-03 (07-02-33).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [362351d01a27cad8138067df1f05e493]
mbam-log-2014-06-03 (08-32-49).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [5d273ca888eebb7f9ffa29d8dbc83942]
mbam-log-2014-06-04 (07-03-37).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [204d134588e4e3b8dfea2a1987280775]
mbam-log-2014-06-05 (09-10-58).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [2892612373af76096d7f045b606b5e18]
mbam-log-2014-06-06 (09-03-51).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [22064bc002bf1a0cfcd82dbcf11ede10]
mbam-log-2014-06-07 (08-57-02).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [0c71335aa2df633d2cc500551e9caf3f]
mbam-log-2014-06-08 (08-50-10).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [77b18f0262c4c89935643a3c9a4a7608]
mbam-log-2014-06-09 (08-56-44).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [476f5a43ee4d2cb1d5a03f335f4881b4]
mbam-log-2014-06-10 (09-08-21).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [493ccd7f76ddf8bbdef3ff50854fe4e1]
mbam-log-2014-06-11 (08-58-41).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [b3e31522963d05fe9b0e1baa8e639e1b]
mbam-log-2014-06-12 (08-50-03).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [b13a32c873412701f0f668b89be731c1]
mbam-log-2014-06-13 (08-44-32).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [047932e0929fced248ccba416dd1d1ce]
mbam-log-2014-06-14 (08-43-04).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [cc5b5f07496bbeb5054b5b80af340c22]
mbam-log-2014-06-15 (08-40-02).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [51a8e5301607a23eb1cb026bd8c870b9]
mbam-log-2014-06-16 (08-35-46).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [c7fa12a74afceee50e0a6649eb59e497]
mbam-log-2014-06-16 (13-36-11).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [e01778b2e03f065a79cae1b6097edad7]
mbam-log-2014-06-17 (19-08-41).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [ae84e4ff0461cfd30400547e6aa698b5]
mbam-log-2014-07-10 (13-18-59).xml     File Size: 2500 BYTES   FileVersion: N/A MD5: [9d4abbaf69a5d21b84c95b5c330b2365]
mbam-log-2014-08-08 (17-11-45).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [7c9f1664424b201482be22726738db33]
mbam-log-2014-08-08 (17-28-08).xml     File Size: 2500 BYTES   FileVersion: N/A MD5: [aa17a95210e8193718e81a4b42c2acaa]
mbam-log-2014-08-29 (06-54-22).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [6e7a07017e1c57ab89a062c65f14588e]
mbam-log-2014-09-14 (15-32-43).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [0f7c4e67e022963bc71c8014ee5582cf]
mbam-log-2014-09-20 (16-08-34).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [440f69254320f0b2828c43ca0ea61111]
mbam-log-2014-10-17 (18-16-44).xml     File Size: 2500 BYTES   FileVersion: N/A MD5: [5ff45cd2fcc4bb73f8e74e25da639b32]
mbam-log-2014-10-30 (07-48-04).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [ccca151971e9d1375f9c35838e44d377]
mbam-log-2014-11-06 (07-57-12).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [cfa8d0bfe1f2af6869e23475aced5cc8]
mbam-log-2014-11-18 (19-11-22).xml     File Size: 2868 BYTES   FileVersion: N/A MD5: [901689c882f01628f12900fe69f389c5]
mbam-log-2014-11-18 (19-39-45).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [4be4f96aebf303093a049e67aeb1f72c]
mbam-log-2014-11-19 (09-07-58).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [4c5e78a0d5f14557adc6591f0ac0bbc2]
mbam-log-2014-12-07 (12-44-45).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [1df1cee8c95d26fa7cc11d5446acd700]
mbam-log-2014-12-15 (12-04-35).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [d3d5bcce523191a9a8ea371a49becbaf]
mbam-log-2014-12-17 (12-20-00).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [d75d164b341d67254e2a050fad261bd4]
mbam-log-2014-12-27 (10-07-59).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [af2849f3344a892b808bb14a257138df]
mbam-log-2014-12-28 (14-48-59).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [061e0ae9792c176411f255a42270a066]
mbam-log-2015-01-15 (16-47-15).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [d399260fb03d08d47dadb1dd63a308c8]
mbam-log-2015-01-29 (12-16-36).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [a6ba3320eae86f5bdd1aaf1aa8aecbbd]
mbam-log-2015-02-21 (15-58-42).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [d8070c12f9e4a0557fc5715594f051e7]
mbam-log-2015-03-07 (17-59-48).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [3d2a5dd9932102713d0be977f8c68dfa]
mbam-log-2015-03-29 (12-56-30).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [a08f32d8303c8ae62b6f75201361cb21]
mbam-log-2015-04-24 (15-22-05).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [5995e48853b5f8ff08215cd52e7b13b8]
mbam-log-2015-04-26 (19-59-05).xml     File Size: 2478 BYTES   FileVersion: N/A MD5: [66a5feca8ae5c03e067078e5fd9f776d]
mbam-log-2015-04-26 (20-03-37).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [67f435df11e081a0ca0017907e2a8681]
mbam-log-2015-05-18 (08-55-58).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [22b30b0bcf4f6f99c86bde26a870819e]
mbam-log-2015-06-19 (17-38-39).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [481392e4ee8f9844345171ebc74ddcc6]
mbam-log-2015-07-06 (17-15-28).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [dbf62125adf8f3a0625f07e4ce640c24]
mbam-log-2015-07-16 (12-17-34).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [b59d28529c892d5b1629b0cc4044f835]
mbam-log-2015-08-01 (16-51-55).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [9eb0264e52cfdf15b1eed56977fb13bd]
mbam-log-2015-08-22 (22-06-05).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [6fbefab71425f8c4ad121fa0288b9d13]
mbam-log-2015-09-06 (21-46-59).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [05644bd27c2fbd5b1c1f3a56d0754fe7]
mbam-log-2015-09-24 (07-40-43).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [6d780a87af887441bcd2296bd3741d11]
mbam-log-2015-10-11 (12-11-28).xml     File Size: 2496 BYTES   FileVersion: N/A MD5: [7c3726bc71f6340c9eca24ae04a6c24b]
mbam-log-2015-10-21 (22-06-46).xml     File Size: 2498 BYTES   FileVersion: N/A MD5: [f5a9b092d230011091bf01e04ac12351]
mbam-log-2015-11-04 (19-36-41).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [f5d2648fc99e76daaff47af0dcc81b4a]
mbam-log-2015-11-12 (08-13-49).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [2bd1e16915d959c863db071684fbbf9a]
mbam-log-2015-11-13 (06-36-25).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [34c6be5298b016338bbb5a805c022cbc]
mbam-log-2015-11-14 (07-40-58).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [e19efb63a94027fedc31588328c561f9]
mbam-log-2015-11-14 (08-19-18).xml     File Size: 2600 BYTES   FileVersion: N/A MD5: [d4d6a2d9701cc04479afa3673059f975]
mbam-log-2015-11-14 (08-45-47).xml     File Size: 2586 BYTES   FileVersion: N/A MD5: [7b91e570793883740bddd9c65eb3cef7]
mbam-log-2015-11-15 (07-35-13).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [e066bf3cdb86d2a96ab80f1cca1322a1]
mbam-log-2015-11-22 (09-52-51).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [b8ba735a269e3e257580bd4ae46c02a7]
mbam-log-2015-12-18 (21-09-24).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [a01d97c56816453a0b5368946af5c547]
mbam-log-2016-01-05 (07-42-57).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [88a88cdc08dd0329cc63aab473b15c9e]
mbam-log-2016-02-10 (21-28-48).xml     File Size: 3562 BYTES   FileVersion: N/A MD5: [d8ab44339813cf4b9045814d899b3978]
mbam-log-2016-02-26 (17-27-31).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [89df881ee84956e93eefc650f6d8f59c]
mbam-log-2016-03-11 (21-14-54).xml     File Size: 3798 BYTES   FileVersion: N/A MD5: [5d007aa9edb3659d4e09f91d7139c147]
mbam-log-2016-03-15 (08-31-58).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [c3557a0343be2ce68334574fa8c0b523]
mbam-log-2016-04-08 (19-53-46).xml     File Size: 3776 BYTES   FileVersion: N/A MD5: [56215cbf12993ad2af7f4b3dce01b5ea]
mbam-log-2016-04-24 (22-22-33).xml     File Size: 2600 BYTES   FileVersion: N/A MD5: [a875f8f7caef6f0864afc4c74f04dcb0]
mbam-log-2016-04-26 (07-37-33).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [67d3d47a488281342c89e3805ca8c0ee]
mbam-log-2016-04-27 (06-44-51).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [0bdab1a8c98134af537e904872ea3711]
mbam-log-2016-04-28 (06-50-15).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [e450ca788e4bd589de050fb054c3902b]
mbam-log-2016-04-29 (06-22-07).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [dd9a122120ceeb36f13ea6ebce14a7b4]
mbam-log-2016-04-30 (06-28-53).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [9d712623d7c8d001b5263df333b3d6fd]
mbam-log-2016-05-01 (06-59-34).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [d1ab0ec916fad0323cf90166f37f655f]
mbam-log-2016-05-01 (08-06-03).xml     File Size: 2600 BYTES   FileVersion: N/A MD5: [0135538a3fc02e7fdca783c4c8b4fab5]
mbam-log-2016-05-02 (02-18-59).xml     File Size: 2600 BYTES   FileVersion: N/A MD5: [c9a48524b908c12d1e74e1ae5f915d41]
mbam-log-2016-05-03 (06-50-04).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [a89022561e38c296d5066e39a2a03eb0]
mbam-log-2016-05-04 (02-03-07).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [78c26d31387f2dc8e94408adf7a32c82]
mbam-log-2016-05-05 (02-18-02).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [4be042dcad45adf38e5b6f5c91fbd436]
mbam-log-2016-05-06 (01-59-02).xml     File Size: 2600 BYTES   FileVersion: N/A MD5: [ffe3b6f3e80d00f449c59613879479e1]
mbam-log-2016-05-07 (06-44-19).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [a181d54065318dd01287a7b6b691fb74]
mbam-log-2016-05-07 (21-32-58).xml     File Size: 2600 BYTES   FileVersion: N/A MD5: [e6cb42c1d8635284c47697cec7c98e3c]
mbam-log-2016-05-08 (01-57-10).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [37ff6ecb6152de1117737ea8be32bc3b]
mbam-log-2016-05-09 (06-33-20).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [a7a41bd89bf725dfaad77ba81950a627]
mbam-log-2016-05-11 (16-40-58).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [39921ad370f73477f8cb0bac6f989814]
mbam-log-2016-05-15 (20-43-46).xml     File Size: 2602 BYTES   FileVersion: N/A MD5: [bc073b18622f36fbf4abf34156293e18]
protection-log-2014-05-18.xml    File Size: 667 BYTES   FileVersion: N/A MD5: [89c0b2808d5b7dfb1e9d245d8868f45f]
protection-log-2014-06-01.xml    File Size: 667 BYTES   FileVersion: N/A MD5: [f3635b29748347a763fdfeeda84d2e94]
protection-log-2014-06-02.xml    File Size: 4450 BYTES   FileVersion: N/A MD5: [ab7bc5d5dc92db1e8c16b708f719f5c5]
protection-log-2014-06-03.xml    File Size: 10550 BYTES   FileVersion: N/A MD5: [ccc009a763f35cda1c14154e8ffacf3c]
protection-log-2014-06-04.xml    File Size: 12283 BYTES   FileVersion: N/A MD5: [cec69c383ac245b9b60672b20cfefa28]
protection-log-2014-06-05.xml    File Size: 8497 BYTES   FileVersion: N/A MD5: [093e9630a3dcab445d04ad3fb1951089]
protection-log-2014-06-06.xml    File Size: 16358 BYTES   FileVersion: N/A MD5: [24ef521d73f594a088be9cfcb775c20b]
protection-log-2014-06-07.xml    File Size: 12281 BYTES   FileVersion: N/A MD5: [9bb6816d5ecf7e384099be3099228d20]
protection-log-2014-06-08.xml    File Size: 12280 BYTES   FileVersion: N/A MD5: [48ad1377b6836158756c112d8436e168]
protection-log-2014-06-09.xml    File Size: 20865 BYTES   FileVersion: N/A MD5: [d67c811160efc8aaa15aecc89eefbffd]
protection-log-2014-06-10.xml    File Size: 15493 BYTES   FileVersion: N/A MD5: [84b1b726bf621a464ef7e29d6b7d0384]
protection-log-2014-06-11.xml    File Size: 19571 BYTES   FileVersion: N/A MD5: [19bae47bfddc39956f476a4fc7ad8801]
protection-log-2014-06-12.xml    File Size: 23657 BYTES   FileVersion: N/A MD5: [ce2b81146ca2bcf09e6a810af543d328]
protection-log-2014-06-13.xml    File Size: 16370 BYTES   FileVersion: N/A MD5: [388cb7606b197b40c21e0e0adcee0a9b]
protection-log-2014-06-14.xml    File Size: 12292 BYTES   FileVersion: N/A MD5: [5eb60ae2b2799e8298c59d6b8b0e5411]
protection-log-2014-06-15.xml    File Size: 13454 BYTES   FileVersion: N/A MD5: [3effbcc1d0677eb36cebd991e1e9000c]
protection-log-2014-06-16.xml    File Size: 13454 BYTES   FileVersion: N/A MD5: [07b23d3c0137471acfa717dd0422deb4]
protection-log-2014-06-17.xml    File Size: 364 BYTES   FileVersion: N/A MD5: [2709ebc0f7d811ba004d47d475fa357f]
protection-log-2014-07-10.xml    File Size: 667 BYTES   FileVersion: N/A MD5: [f241520a239e8e47925548766ab78c49]
protection-log-2014-08-08.xml    File Size: 968 BYTES   FileVersion: N/A MD5: [411204c06f65822c7c2513d9a0bae88a]
protection-log-2014-08-29.xml    File Size: 666 BYTES   FileVersion: N/A MD5: [94861cc008ed808bb8a1b5041a360d52]
protection-log-2014-09-14.xml    File Size: 668 BYTES   FileVersion: N/A MD5: [2b872a1bcc0d2088fdccf91c6c240b13]
protection-log-2014-09-20.xml    File Size: 668 BYTES   FileVersion: N/A MD5: [796f100fd64bfe7e0b5d0bf8eb7a9d50]
protection-log-2014-10-17.xml    File Size: 670 BYTES   FileVersion: N/A MD5: [3d43cec9aae5d288327c97dedb482fc6]
protection-log-2014-10-30.xml    File Size: 2256 BYTES   FileVersion: N/A MD5: [cec503e3ab3b3204309f9fe0a3976229]
protection-log-2014-11-06.xml    File Size: 1041 BYTES   FileVersion: N/A MD5: [82a6f744beb92b29bd1ab8a6e56e4d21]
protection-log-2014-11-18.xml    File Size: 1412 BYTES   FileVersion: N/A MD5: [4c9a7cb3b85e0116bda151463f7498cf]
protection-log-2014-11-19.xml    File Size: 736 BYTES   FileVersion: N/A MD5: [033c7fedfc4a84420642c4982fa20e3b]
protection-log-2014-12-07.xml    File Size: 2567 BYTES   FileVersion: N/A MD5: [9161bae81f05fc08a2dc62e35b6600b3]
protection-log-2014-12-15.xml    File Size: 1041 BYTES   FileVersion: N/A MD5: [6797abc7fdda1c773bc26d57256ef6bb]
protection-log-2014-12-17.xml    File Size: 736 BYTES   FileVersion: N/A MD5: [146e60ef84b46f943db94c76bebcc4da]
protection-log-2014-12-27.xml    File Size: 1043 BYTES   FileVersion: N/A MD5: [e5043cb7278b4630d8bea417d8eadea0]
protection-log-2014-12-28.xml    File Size: 736 BYTES   FileVersion: N/A MD5: [58910a2b8fc270d8f9dbdc9d2a36510d]
protection-log-2015-01-15.xml    File Size: 1042 BYTES   FileVersion: N/A MD5: [acf629094e615943f24a68cc504ce6be]
protection-log-2015-01-29.xml    File Size: 735 BYTES   FileVersion: N/A MD5: [5221afbbe4cc01fc15685995fca0cd4f]
protection-log-2015-02-21.xml    File Size: 1039 BYTES   FileVersion: N/A MD5: [60fa8e89db6dcbbbf4dbd87213ab56d1]
protection-log-2015-03-07.xml    File Size: 1038 BYTES   FileVersion: N/A MD5: [ec624c829e9a5a5a9232b666e962caa5]
protection-log-2015-03-29.xml    File Size: 1346 BYTES   FileVersion: N/A MD5: [3b238f3318b4b0dddf0009257887f9da]
protection-log-2015-04-24.xml    File Size: 1347 BYTES   FileVersion: N/A MD5: [6743221a19134cfc8c902371dcc159c4]
protection-log-2015-04-26.xml    File Size: 1981 BYTES   FileVersion: N/A MD5: [d5172c598c28abd7a9414ceb9cb6cbc4]
protection-log-2015-05-18.xml    File Size: 2853 BYTES   FileVersion: N/A MD5: [4802fea6588b2014c012594ee8829239]
protection-log-2015-05-28.xml    File Size: 1730 BYTES   FileVersion: N/A MD5: [862ee438973d9946dfbbb081930da922]
protection-log-2015-06-19.xml    File Size: 1944 BYTES   FileVersion: N/A MD5: [82fdc219fd357087d0721928ab0b81b4]
protection-log-2015-07-06.xml    File Size: 1345 BYTES   FileVersion: N/A MD5: [11f7ba0ba43b82ae982f18e71b1ee725]
protection-log-2015-07-16.xml    File Size: 4602 BYTES   FileVersion: N/A MD5: [4d77317593d151c8fe1c95401468b4e6]
protection-log-2015-07-22.xml    File Size: 894 BYTES   FileVersion: N/A MD5: [08dac91ee2d9358914d5cedc8e0e5e1b]
protection-log-2015-08-01.xml    File Size: 2563 BYTES   FileVersion: N/A MD5: [a66998c0cceb1f8a8d318450f9d7f159]
protection-log-2015-08-13.xml    File Size: 894 BYTES   FileVersion: N/A MD5: [9dc526e5dde0eb4619837ef459feb39c]
protection-log-2015-08-20.xml    File Size: 894 BYTES   FileVersion: N/A MD5: [61c7e2a95d4864dd830c9a8c235a2fa7]
protection-log-2015-08-22.xml    File Size: 1959 BYTES   FileVersion: N/A MD5: [cda033260435ba8f116c1d7eceed0826]
protection-log-2015-09-06.xml    File Size: 1652 BYTES   FileVersion: N/A MD5: [31466a44efab41b4fe9f126e2ebe34d2]
protection-log-2015-09-09.xml    File Size: 894 BYTES   FileVersion: N/A MD5: [45aa90f5bce504b1cc8e117e4ce539e7]
protection-log-2015-09-24.xml    File Size: 2836 BYTES   FileVersion: N/A MD5: [14f558524ccea1f8553dceedfea5a900]
protection-log-2015-10-11.xml    File Size: 2792 BYTES   FileVersion: N/A MD5: [afcc36723fd807a8270c5a1bdd911887]
protection-log-2015-10-14.xml    File Size: 894 BYTES   FileVersion: N/A MD5: [eb7024ce7c9599e5539207d84cd2c578]
protection-log-2015-10-21.xml    File Size: 2171 BYTES   FileVersion: N/A MD5: [e12f3dae80b47d69ec530c368893b125]
protection-log-2015-10-22.xml    File Size: 430 BYTES   FileVersion: N/A MD5: [730600a4f626144c19d1266bce05cd31]
protection-log-2015-10-27.xml    File Size: 894 BYTES   FileVersion: N/A MD5: [6ff0232526ac2f62ddeb524020f8b909]
protection-log-2015-11-04.xml    File Size: 8021 BYTES   FileVersion: N/A MD5: [a0cac0664dc039badd907bb586ead017]
protection-log-2015-11-12.xml    File Size: 16216 BYTES   FileVersion: N/A MD5: [f0c6ca339cefcba2836585569ecda54b]
protection-log-2015-11-13.xml    File Size: 16224 BYTES   FileVersion: N/A MD5: [004c6e784f1e6782a962d3c9eb6e61d4]
protection-log-2015-11-14.xml    File Size: 22909 BYTES   FileVersion: N/A MD5: [814de2b65aa1e8637f1894745693f3cc]
protection-log-2015-11-15.xml    File Size: 7715 BYTES   FileVersion: N/A MD5: [f96094a308ddd9d0a16d0dd208ada75b]
protection-log-2015-11-22.xml    File Size: 2543 BYTES   FileVersion: N/A MD5: [3e77258d7c59469cf0bb03c30e46096c]
protection-log-2015-12-18.xml    File Size: 1962 BYTES   FileVersion: N/A MD5: [598a476f7a6431ab870fa735d28226e3]
protection-log-2016-01-05.xml    File Size: 1956 BYTES   FileVersion: N/A MD5: [4fa1eb0cb5f7f27d9530730feef1632e]
protection-log-2016-02-10.xml    File Size: 1949 BYTES   FileVersion: N/A MD5: [3649acf948ce6b2c84db6f9a223b5e45]
protection-log-2016-02-26.xml    File Size: 1951 BYTES   FileVersion: N/A MD5: [595034532a22d587e9b32946423ab5aa]
protection-log-2016-03-11.xml    File Size: 1952 BYTES   FileVersion: N/A MD5: [fad1c891823c48204f1359bd8ac333fa]
protection-log-2016-03-15.xml    File Size: 1642 BYTES   FileVersion: N/A MD5: [5276e240109460227e4df8aa375d031f]
protection-log-2016-04-08.xml    File Size: 2238 BYTES   FileVersion: N/A MD5: [29ddbbd807c4856a6c4d2adb1ab04872]
protection-log-2016-04-24.xml    File Size: 12123 BYTES   FileVersion: N/A MD5: [e0ffee43bd0e2622f67c641901d1996c]
protection-log-2016-04-25.xml    File Size: 29470 BYTES   FileVersion: N/A MD5: [9f9575f6b45962021e11924e598a6e45]
protection-log-2016-04-26.xml    File Size: 23434 BYTES   FileVersion: N/A MD5: [0d048ad563389282811bb2c9722bdcdc]
protection-log-2016-04-27.xml    File Size: 15298 BYTES   FileVersion: N/A MD5: [b2dba05f41d142e1fe3717a2f7d23279]
protection-log-2016-04-28.xml    File Size: 24955 BYTES   FileVersion: N/A MD5: [933a5a53c72418c9cd716ef065414302]
protection-log-2016-04-29.xml    File Size: 19452 BYTES   FileVersion: N/A MD5: [70e12f0e22b5902df6ff62d353c26bce]
protection-log-2016-04-30.xml    File Size: 12634 BYTES   FileVersion: N/A MD5: [3a50f570e4b11e34c82332fbbf781f97]
protection-log-2016-05-01.xml    File Size: 14718 BYTES   FileVersion: N/A MD5: [e60393b9ae30434c3bc0e5e28c55357a]
protection-log-2016-05-02.xml    File Size: 19060 BYTES   FileVersion: N/A MD5: [2b333ff75209b8b9deea66f767ed629f]
protection-log-2016-05-03.xml    File Size: 19656 BYTES   FileVersion: N/A MD5: [d1faa0e198daa747925a53ba08371f4e]
protection-log-2016-05-04.xml    File Size: 16745 BYTES   FileVersion: N/A MD5: [51ef26c9783eada1dfadea6e4b3370f4]
protection-log-2016-05-05.xml    File Size: 26007 BYTES   FileVersion: N/A MD5: [3b4305fdd5dd67a7611418805c1b6f5c]
protection-log-2016-05-06.xml    File Size: 28730 BYTES   FileVersion: N/A MD5: [61575e703b22475e8cdad65036756604]
protection-log-2016-05-07.xml    File Size: 17308 BYTES   FileVersion: N/A MD5: [ca5782c5d09c9708c8ff3334bfae3421]
protection-log-2016-05-08.xml    File Size: 12044 BYTES   FileVersion: N/A MD5: [e53dc1c797b20de5f0c32b873b0e7308]
protection-log-2016-05-09.xml    File Size: 4200 BYTES   FileVersion: N/A MD5: [4333247b3be0ca6578f0be0f43608823]
protection-log-2016-05-11.xml    File Size: 1643 BYTES   FileVersion: N/A MD5: [6422baea4467c889f8ea445068b31323]
protection-log-2016-05-15.xml    File Size: 1338 BYTES   FileVersion: N/A MD5: [1f5c87598fcb6744fc8c67cb617cd249]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
5477996274.data    File Size: 850 BYTES   FileVersion: N/A MD5: [cc87ca6a2017f7812d8e4240c2fd54dd]
8439795826.data    File Size: 768 BYTES   FileVersion: N/A MD5: [dfed1b87b9f8951f0bedd2c3702f7eba]
8439795826.quar    File Size: 2952 BYTES   FileVersion: N/A MD5: [20504442219b9ade0856a992b40d16e7]

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.ASK, Date: 2016/04/08 23:54:59, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88D6D26B-7582-46B9-9BE2-4147BBC8C640}|Path
Vendor: PUP.Optional.ASK, Date: 2016/04/08 23:54:59, Type: Registry Key, Location: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88D6D26B-7582-46B9-9BE2-4147BBC8C640}
===============================================================
END OF FILE

AdvancedSetup · May 18, 2016

The other one is getting FRST logs.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Deanie · May 18, 2016

Oops. I had downloaded and saved Farbar to my desktop this morning, but left it there to wait for instructions. It's scanning right now, but appears to have stalled. "Not Responding" is the message.

Deanie · May 18, 2016

It just started up again. After "Scanning", do I go through the rest of the buttons (Search Files, Search Registry, and Fix)?

AdvancedSetup · May 18, 2016

No buttons. It should have produced a log. Please attach that log. If not then try running it again. If it still has issues then try running it from Safe Mode please.

Deanie · May 18, 2016

Will do,

Deanie · May 18, 2016

I have never had occasion to use Safe Mode. I pressed F8 just before the Windows starting logo appeared, but nothing happened. My computer rebooted as usual.

I tried to post a screen shot of what I get when I try to run FRST64 (the Farbar download), but it won't work. Basically, I get a box with the heading "Farber Recovery Scan Tool". Underneath, it says, "The tool is ready to use." Below that is a blank "Search" box, and below that are four buttons -- "Scan", "Search Files", "Search Registry", and "Fix". Then some check boxes below that. .......... but I'm confused as to your last instructions. You wrote I should press the "Scan" button and would get a FRST.txt log. That's what I was doing when you said not to press buttons. Instead, you instructed me to just re-run Farbar and it would produce an immediate log to attach.

I apologize. I'm a bit upset and frustrated as I really don't understand what I'm doing. Just trying to follow your instructions. :-(

AdvancedSetup · May 18, 2016

I'm sorry I thought you were asking if you should press any other buttons. Just press the SCAN button. Wait a few moments and it should automatically create and open the log for you.

Deanie · May 18, 2016

Ok. Will try again.

Deanie · May 18, 2016

Here is the Farbar Recovery Scan result:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-05-2016
Ran by Owner (administrator) on OWNER-PC (18-05-2016 16:40:55)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [GwxControlPanelMonitor] => "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2011-05-16] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [876712 2016-05-12] (Webroot)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-05-18]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 3630 series.lnk [2016-05-18]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{22DB2F9D-437F-4B1B-9D42-0DBD67E386DA}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{3DFFF366-1296-4DF0-B26B-429D10505D4A}: [DhcpNameServer] 168.94.0.14 168.94.0.15

Internet Explorer:
==================
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {7C452286-21F8-439C-90DB-F07CAC3CDD4C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7C452286-21F8-439C-90DB-F07CAC3CDD4C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {A3067FAB-23F1-4583-9FAF-920EAAE5A873} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-220767598-3805166269-1260382394-1000 -> {187178B6-6746-4F14-948A-AD03AFB1D478} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-220767598-3805166269-1260382394-1000 -> {7C452286-21F8-439C-90DB-F07CAC3CDD4C} URL =
SearchScopes: HKU\S-1-5-21-220767598-3805166269-1260382394-1000 -> {A3067FAB-23F1-4583-9FAF-920EAAE5A873} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-15] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [2010-10-15] (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-15] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2f85i127.default-1395077546856
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Owner\New folder (2)\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: ((3) AlphaBetty Saga on Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhagcdmbdopakknimbcgcomemopdlenk [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Owner\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.14.1.0.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-05-16] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-05-16] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [876712 2016-05-12] (Webroot)
S3 disconnect-openvpn; C:\Users\Owner\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-18 15:55 - 2016-05-18 16:03 - 00013034 _____ C:\Users\Owner\Downloads\Addition.txt
2016-05-18 15:27 - 2016-05-18 16:40 - 00016840 _____ C:\Users\Owner\Downloads\FRST.txt
2016-05-18 15:26 - 2016-05-18 16:40 - 00000000 ____D C:\FRST
2016-05-18 11:18 - 2016-05-18 11:20 - 00064052 _____ C:\Users\Owner\Desktop\CheckResults.txt
2016-05-18 11:17 - 2016-05-18 11:17 - 00001258 _____ C:\Users\Owner\Desktop\mbam-check-2.3.2.0 - Shortcut.lnk
2016-05-18 11:15 - 2016-05-18 11:20 - 01706112 _____ (Malwarebytes) C:\Users\Owner\Downloads\mbam-check-2.3.2.0.exe
2016-05-18 11:09 - 2016-05-18 11:09 - 00001186 _____ C:\Users\Owner\Desktop\FRST64 (1) - Shortcut.lnk
2016-05-18 11:06 - 2016-05-18 11:09 - 02382336 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2016-05-18 11:03 - 2016-05-18 11:03 - 02382336 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-05-15 19:16 - 2016-05-15 19:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.dvd.MATSKB.Run (1).exe
2016-05-11 18:11 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-05-11 18:11 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-05-11 18:11 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-05-11 18:11 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:11 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-05-11 18:11 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:11 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:11 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-05-11 18:11 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-05-11 18:11 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-05-11 18:11 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-05-11 18:11 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-05-11 18:11 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-05-11 18:11 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-05-11 18:11 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:11 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:11 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:11 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-05-11 18:11 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-05-11 18:11 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-05-11 18:11 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-05-11 18:11 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-05-11 18:11 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-05-11 18:11 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-05-11 18:11 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 17:56 - 2016-05-11 17:57 - 04596296 _____ (UltimateOutsider) C:\Users\Owner\Downloads\GWX_control_panel.exe
2016-05-11 11:59 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-05-07 21:33 - 2016-05-07 21:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\4061214F.sys
2016-05-05 20:09 - 2016-05-11 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 16:01 - 2016-05-04 16:01 - 00000000 ____D C:\windows\SysWOW64\GWX
2016-05-04 16:01 - 2016-05-04 16:01 - 00000000 ____D C:\windows\system32\GWX
2016-04-25 15:11 - 2016-04-25 15:11 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-04-25 15:11 - 2016-04-25 15:11 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-25 15:11 - 2016-04-25 15:11 - 00000000 ____D C:\Program Files\CCleaner
2016-04-25 15:10 - 2016-04-25 15:10 - 06868672 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup516 (1).exe
2016-04-25 15:06 - 2016-04-25 15:06 - 06868672 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup516.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-18 16:34 - 2015-05-28 19:48 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-18 16:22 - 2009-07-14 01:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-18 16:22 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-18 16:22 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-18 16:22 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-05-18 16:14 - 2015-05-28 19:48 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-18 16:14 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-18 16:11 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-18 13:41 - 2012-02-04 11:10 - 00000000 ____D C:\ProgramData\WRData
2016-05-15 20:43 - 2015-11-12 09:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 19:01 - 2013-04-28 12:04 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-05-12 19:41 - 2015-05-28 19:56 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 08:49 - 2013-09-25 12:22 - 00117304 _____ (Webroot) C:\windows\system32\WRusr.dll
2016-05-12 08:49 - 2013-09-25 12:17 - 00182200 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2016-05-11 16:35 - 2014-12-27 11:32 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 16:29 - 2014-03-16 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-10 21:29 - 2015-05-28 19:48 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 21:29 - 2015-05-28 19:48 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-05 06:58 - 2014-12-11 09:06 - 00000000 ____D C:\windows\system32\appraiser
2016-04-25 15:12 - 2012-09-30 19:08 - 00000000 ____D C:\windows\Minidump
2016-04-25 15:12 - 2011-12-01 17:52 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-04-25 15:12 - 2010-10-14 21:37 - 00000000 ____D C:\windows\Panther
2016-04-25 08:25 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-04-24 22:20 - 2015-11-04 21:13 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-24 22:20 - 2015-11-04 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-24 22:20 - 2015-11-04 21:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-21 15:05 - 2011-06-03 07:23 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-18 11:54 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache

==================== Files in the root of some directories =======

2014-02-14 00:58 - 2014-02-14 00:58 - 49940480 _____ () C:\Program Files (x86)\GUTF467.tmp
2012-12-12 20:15 - 2012-12-12 20:15 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-01 21:05

==================== End of FRST.txt ========

AdvancedSetup · May 18, 2016

Okay, let me have you run the following please. Once done post back the log.

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Deanie · May 19, 2016

When you say "disable your security applications".....do you mean to disable Firewall? In addition, I have Malwarebytes (Free version), Windows Defender, and Webroot Security. Do I need to "uninstall" those....or can those simply be "disabled"? Thanks.

AdvancedSetup · May 19, 2016

No, do not uninstall anything. Please disable " Webroot Security" - the other stuff you can leave alone.

Cheers

Ron

Deanie · May 19, 2016

Thanks. I just have to take care of a couple of things first this morning, then will sit down to monitor ComboFix.

Deanie · May 19, 2016

I'm confused again. I ran Combofix from my Desktop. I got the black screen with green lettering, running through files. This lasted about one minute, then the dialog box disappeared. No clock, nothing happening. No evidence of a log created. I'll reboot my computer now and try again.

Deanie · May 19, 2016

I rebooted and ran ComboFix again. It deleted, extracted, saved files and stopped again after one minute. This time, I got a dialog box with Warning! ComboFix has detected WebrootSecureAnywhere still actively running. Please close before proceeding or machine damage can result.

I thought I had disabled Webroot by unchecking all boxes so that there is no scheduled scan. Obviously, I don't know how to disable Webroot. I searched on-line for information about this, and from the little I can understand, Webroot cannot, in fact, be disabled, but has to be temporarily uninstalled. I have no problem uninstalling it for good, but don't know how to do that. Webroot SecurityAnywhere is not listed in my programs. ??

Deanie · May 19, 2016

I just spent the past 2 hours on the phone with Webroot Support. It took that long for an agent to uninstall Webroot SecureAnywhere from my computer. I certainly could not have done it myself. As part of the process, he had to re-install Webroot. When he did a malware scan, the following threat was identified and removed:

Infection: W32.Malware.Heur

Removed: c:\programfiles(x86)\tweaking.com\registrybackup\tweakingregistrybackup.exe...

However, he told me to proceed with you as this threat may be just one part of a bigger issue. I am ready to try running ComboFix again, but will wait for your go-ahead in light of what transpired above. Thanks.

AdvancedSetup · May 19, 2016

Yes, please run Combofix again. Then wait for it to finish. It can take much longer than the 10 minutes it says on some systems. Let it run for a couple hours before you decide to try to stop it or reboot.

The file: c:\programfiles(x86)\tweaking.com\registrybackup\tweakingregistrybackup.exe...

Is just a generic detection and is not a threat issue at all to the computer.

Once the log is done please upload it as an attachment if possible.

Thank you

Deanie · May 19, 2016

Ok, thanks. Going to run ComboFix now.

Deanie · May 19, 2016

Below is my ComboFix log. I hope I did this correctly.

ComboFix.txt

AdvancedSetup · May 20, 2016

That looks good. Combofix was able to remove some items and fix a couple things.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats' , then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Deanie · May 20, 2016

Step 4. Here is JRT.exe (Sorry, couldn't Attach this one for some reason). Will be back in a couple of hours to complete the rest.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Fri 05/20/2016 at 9:01:45.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 14

Successfully deleted: C:\ProgramData\best buy pc app (Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\best buy pc app (Folder)
Successfully deleted: C:\Program Files (x86)\GUTF467.tmp (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQRJWZWL (Temporary Internet Files Folder)
Successfully deleted: C:\windows\prefetch\FREECELL.EXE-B8D57695.pf (File)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQRJWZWL (Temporary Internet Files Folder)

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C452286-21F8-439C-90DB-F07CAC3CDD4C} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A3067FAB-23F1-4583-9FAF-920EAAE5A873} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/20/2016 at 9:04:43.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deanie · May 20, 2016

Step 05. I'm confused about the AdwCleaner instructions. I did not see a "Report" button, so I just clicked on LogFile and below is what was on my Notepad. Also, I do not understand about reviewing files/folders and unclicking the elements I want to save. I wouldn't know what to save. Please advise.

# AdwCleaner v5.117 - Logfile created 20/05/2016 at 11:39:11
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

File Found : C:\Users\Owner\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaanpaddaaoffccehffldolecpkgpej
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [4931 bytes] - [20/05/2016 11:39:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5004 bytes] ##########

Win 7 Laptop - Can't Format D, Can't Install Updates

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information