Win 7 Laptop - Can't Format D, Can't Install Updates

Hi, I have a Windows 7 Home Premium laptop (purchased in 2010, my first and only computer, so I'm not too literate), 64-bit. It came with Webroot Security installed, which I don't use. I regularly scan with Malwarebytes (Free Version). I just completed a scan and there are no objects detected. Within the past month, there have been a couple of PUP files quarantined and I have deleted them.

I've had two issues in the past week or so -- 1) Scheduled weekly back-up to DVD-RW in D: drive has failed. I tried several new disks and all formatting failed. I checked my Devices and the computer indicates that drivers are working properly. 2) I successfully installed Windows updates last week; however, 18 updates from 2 days ago failed. While the computer said "Downloading Updates", the percentage remained at 0%. It didn't move. Thanks.

Hi Ron,  I didn't understand your 4th bullet under "Log Set 2", but here is my mbam-check log:

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601 
Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/04/24
Malware Database:                  2016.05.15.06
Rootkit Database:                  2016.05.06.01
Remediation Database:              2016.05.11.01
IP Database:                       2016.05.13.03
Domain Database:                   2016.05.14.02
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/05/18 11:18:24

User Information for Local System:
===========================================
User Account: Administrator
    Account Level: Admin
User Account: Guest
    Account Level: Guest
User Account: Owner
    Account Level: Admin
Total # of user entries: 3

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    DWORD    1    Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    DWORD    5    Status: ON

AntiVirus Information:
===================
AntiVirus Software Installed:    "Webroot SecureAnywhere"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed:    "Webroot SecureAnywhere"
AntiSpyware Software Installed:    "Windows Defender"

Machine Information
===============================================
Machine ID:    f2885a2f171ad4bf80ba8fa531b2df5aa368f489
Installation Token:    uRt5Dome2EEFxvUyhZVB
System has been up for:     14.4375 Hours
Current Date:    2016-May-18 15:19:25.166701
Date Booted:    2016-May-18 01:19:25.166701

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    true
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeREG_SZ        DISABLEUSERCALLBACKEXCEPTION
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    SIGN.MEDIA=1E0051F8 Epson.exe REG_SZ        ELEVATECREATEPROCESS


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size: 27008     BYTES    FileVersion: 0.1.16.0    MD5: [78bff5425e044086e74e78650a359fbb]
C:\windows\system32\drivers\mwac.sys
File Size: 64896     BYTES    FileVersion: 1.0.6.0    MD5: [452acb7a9914398d9e18cccffcf92208]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES    FileVersion: 0.3.0.4    MD5: [78488af2ab2111d67b3c4044707a519b]
C:\windows\system32\drivers\mbamchameleon.sys
File Size: 140672    BYTES    FileVersion: 1.1.22.0    MD5: [1239597bab7eed2bb16d035af87e65d9]

--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ErrorControl                  REG_DWORD        1
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    DependOnService               REG_MULTI_SZ    RpcSs

    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl                  REG_DWORD        3
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1


C:\windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES    FileVersion: 6.1.7601.17514    MD5: [da6b67270fd9db3697b20fce94950741]
C:\windows\SysWOW64\comctl32.ocx
File Size: 1351392   BYTES    FileVersion: 6.0.81.6    MD5: [2640ad05ab39321e6c9d3c71236ca0df]
C:\windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES    FileVersion: 6.1.98.46    MD5: [273676426739b02a45a0fc9349500b65]
C:\windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES    FileVersion: 6.1.7601.17514    MD5: [703ffd301ab900b047337c5d40fd6f96]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    SelfProtection:                                            false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
BusinessMessaging: 
    Count:                                                     0 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          true 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                0 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         276495 
    Duration_Driver:                                           51225 
    Duration_Filesystem:                                       7010 
    Duration_Heuristics:                                       3201942 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 218 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          47348 
    Duration_Registry:                                         115104 
    Duration_Sector:                                           0 
    Duration_Startup:                                          60500 
    ItemCount_Complete:                                        237048 
    ItemCount_Driver:                                          295 
    ItemCount_Filesystem:                                      44895 
    ItemCount_Heuristics:                                      12944 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                3 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         47250 
    ItemCount_Registry:                                        567 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         1114 
    LastRemovalRequiredDOR:                                    false 
    LastScanDateEpoch:                                         1463359435938 
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  6 
Update: 
    LastUpdate:                                                2016-05-16T00:43:28 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                             2016/05/09 02:17:11 
  Activation Time:                                              
  Trial Used:                                                  true 
--------------Access Policies:--------------

Scheduler Queue:
================

tasks: 
    65814a1f-554d-4660-9f24-99abf38fe641:                       
      parameters:                                               
        TaskType:                                              3 
      triggers:                                                 
        35f32e5a-7dc1-40a8-9167-93f6825c8f84:                   
          dateinterval:                                        0:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 18 May 2016 10:33:44.628550 -0400 
          lasttriggered:                                       Mon, 09 May 2016 07:39:20.629222 -0400 
          nextscheduled:                                       Wed, 18 May 2016 11:33:44.628550 -0400 
          recovery:                                            00:00:00 (Hours:Minutes:Seconds) 
          start:                                               Mon, 02 Jun 2014 22:33:44.628550 -0400 
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds) 
          type:                                                Hourly 
          uuid:                                                35f32e5a-7dc1-40a8-9167-93f6825c8f84 
      type:                                                    update 
      uuid:                                                    65814a1f-554d-4660-9f24-99abf38fe641 
    a3e0f25f-4e1a-47e4-bb46-d6e930cd67f4:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             Treat Detections as Malware 
          ScanPUP:                                             Treat Detections as Malware 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        c560526a-8986-4d4c-a460-36bd2f5afb9e:                   
          dateinterval:                                        1:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 18 May 2016 02:10:42 -0400 
          lasttriggered:                                       Mon, 09 May 2016 06:32:50.668009 -0400 
          nextscheduled:                                       Thu, 19 May 2016 02:10:42 -0400 
          recovery:                                            23:00:00 (Hours:Minutes:Seconds) 
          start:                                               Tue, 03 Jun 2014 02:10:42 -0400 
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds) 
          type:                                                Daily 
          uuid:                                                c560526a-8986-4d4c-a460-36bd2f5afb9e 
      type:                                                    scan 
      uuid:                                                    a3e0f25f-4e1a-47e4-bb46-d6e930cd67f4 

Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================

MBAMService Registry Values:
============================

MBAMScheduler Registry Values:
==============================

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        <local>

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM 
        PM 
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware


List of MBAM Related Directories:
=================================

lang_ru.qm                                  File Size: 137874    BYTES    FileVersion:  N/A            MD5: [5e28394fbd12f21301e2b7e1a9dbac94]
lang_sk.qm                                  File Size: 131080    BYTES    FileVersion:  N/A            MD5: [68e0e95e7131d101188a57e3a413dee5]
lang_sl.qm                                  File Size: 107631    BYTES    FileVersion:  N/A            MD5: [83755001a3f1bd527d0b4b7a77d0b37d]
lang_sv.qm                                  File Size: 129135    BYTES    FileVersion:  N/A            MD5: [b3c38242beb63f895fabcc14bbc6807a]
lang_tr.qm                                  File Size: 88838     BYTES    FileVersion:  N/A            MD5: [1e4a3c0dcd7074ad4a3971ce67762cda]
lang_vi.qm                                  File Size: 133386    BYTES    FileVersion:  N/A            MD5: [586de19c023986bf884ad56fc29c8f5e]
lang_zh_TW.qm                               File Size: 87797     BYTES    FileVersion:  N/A            MD5: [e120a014cf077bdcbcdcbf98c3438188]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
qwindows.dll                                File Size: 929760    BYTES    FileVersion:  5.4.1.0        MD5: [6c54d2ebeaacbe9b56816536041c8281]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                               File Size: 823776    BYTES    FileVersion:  1.4.0.1001     MD5: [bbfc25590af3e45d8cca1fab95648b40]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                                 File Size: 7218      BYTES    FileVersion:  N/A            MD5: [7a4c5861ce619527e9eb4adb1666567d]
akadomains.ref                              File Size: 92        BYTES    FileVersion:  N/A            MD5: [73d5774cbd8df165274a0691ae264808]
akaips.ref                                  File Size: 92        BYTES    FileVersion:  N/A            MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c]
domains.ref                                 File Size: 574925    BYTES    FileVersion:  N/A            MD5: [0e54269b36a7f566d21209321b3070b6]
exclusions.dat                              File Size: 0         BYTES    FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                     File Size: 226273    BYTES    FileVersion:  N/A            MD5: [8d2cb9e8b0260b59ced0a16a5240daed]
mbam-setup.exe                              File Size: 22851472  BYTES    FileVersion:  2.2.1.1043     MD5: [52f4695c53b02ada7d648f95f2e2f8b4]
rules.ref                                   File Size: 9134734   BYTES    FileVersion:  N/A            MD5: [d99c430361365f3a42871f4eecf3d9e7]
swissarmy.ref                               File Size: 28224     BYTES    FileVersion:  N/A            MD5: [6e86f15c88c682377df80472cd22f48c]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                                  File Size: 4596      BYTES    FileVersion:  N/A            MD5: [e4cc88f931e07d36311bff1ce1cd7f5f]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                                File Size: 1609      BYTES    FileVersion:  N/A            MD5: [d32719d30bfcb89fb050d9a510629300]
manifest.conf                               File Size: 3395      BYTES    FileVersion:  N/A            MD5: [4c841aa99eaf755e46b1c881efb7a0af]
marketing.conf                              File Size: 7402      BYTES    FileVersion:  N/A            MD5: [9e9978e806ac4d4cf39ceef9f5f23be4]
net.conf                                    File Size: 7336      BYTES    FileVersion:  N/A            MD5: [eb978a47320033a76cd1d831ebfea77f]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 2189      BYTES    FileVersion:  N/A            MD5: [e9554197f9e3df362e1a3180d292a96e]
settings.conf                               File Size: 2189      BYTES    FileVersion:  N/A            MD5: [0eb639f2d4f9340b13bf6bec91a5ada1]
statistics.conf                             File Size: 597       BYTES    FileVersion:  N/A            MD5: [613c5255134b4b54891bc763d3f540bb]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                                  File Size: 4179      BYTES    FileVersion:  N/A            MD5: [20d9566b3cf94f1e395de8f40046fc68]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                                File Size: 23        BYTES    FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                               File Size: 3171      BYTES    FileVersion:  N/A            MD5: [a6e5576f7723acab40490fb9e64dfc1c]
marketing.conf                              File Size: 6974      BYTES    FileVersion:  N/A            MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28]
net.conf                                    File Size: 6530      BYTES    FileVersion:  N/A            MD5: [9fb4acfdc11c7af48a760db4c7bfebf0]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                               File Size: 1724      BYTES    FileVersion:  N/A            MD5: [e27b42126b89352fdaae8f1630b9a8d8]
statistics.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-05-18 (18-17-23).xml          File Size: 2852      BYTES    FileVersion:  N/A            MD5: [392a1745f3787ab5460e19a43e61835c]
mbam-log-2014-06-01 (21-30-38).xml          File Size: 2474      BYTES    FileVersion:  N/A            MD5: [544c49a1dcaf70cd51c143da4fd6941a]
mbam-log-2014-06-02 (22-02-39).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [96e0172cc07634c1c85dc574e88b8119]
mbam-log-2014-06-03 (07-02-33).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [362351d01a27cad8138067df1f05e493]
mbam-log-2014-06-03 (08-32-49).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [5d273ca888eebb7f9ffa29d8dbc83942]
mbam-log-2014-06-04 (07-03-37).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [204d134588e4e3b8dfea2a1987280775]
mbam-log-2014-06-05 (09-10-58).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [2892612373af76096d7f045b606b5e18]
mbam-log-2014-06-06 (09-03-51).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [22064bc002bf1a0cfcd82dbcf11ede10]
mbam-log-2014-06-07 (08-57-02).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [0c71335aa2df633d2cc500551e9caf3f]
mbam-log-2014-06-08 (08-50-10).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [77b18f0262c4c89935643a3c9a4a7608]
mbam-log-2014-06-09 (08-56-44).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [476f5a43ee4d2cb1d5a03f335f4881b4]
mbam-log-2014-06-10 (09-08-21).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [493ccd7f76ddf8bbdef3ff50854fe4e1]
mbam-log-2014-06-11 (08-58-41).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [b3e31522963d05fe9b0e1baa8e639e1b]
mbam-log-2014-06-12 (08-50-03).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [b13a32c873412701f0f668b89be731c1]
mbam-log-2014-06-13 (08-44-32).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [047932e0929fced248ccba416dd1d1ce]
mbam-log-2014-06-14 (08-43-04).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [cc5b5f07496bbeb5054b5b80af340c22]
mbam-log-2014-06-15 (08-40-02).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [51a8e5301607a23eb1cb026bd8c870b9]
mbam-log-2014-06-16 (08-35-46).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [c7fa12a74afceee50e0a6649eb59e497]
mbam-log-2014-06-16 (13-36-11).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [e01778b2e03f065a79cae1b6097edad7]
mbam-log-2014-06-17 (19-08-41).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [ae84e4ff0461cfd30400547e6aa698b5]
mbam-log-2014-07-10 (13-18-59).xml          File Size: 2500      BYTES    FileVersion:  N/A            MD5: [9d4abbaf69a5d21b84c95b5c330b2365]
mbam-log-2014-08-08 (17-11-45).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [7c9f1664424b201482be22726738db33]
mbam-log-2014-08-08 (17-28-08).xml          File Size: 2500      BYTES    FileVersion:  N/A            MD5: [aa17a95210e8193718e81a4b42c2acaa]
mbam-log-2014-08-29 (06-54-22).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [6e7a07017e1c57ab89a062c65f14588e]
mbam-log-2014-09-14 (15-32-43).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [0f7c4e67e022963bc71c8014ee5582cf]
mbam-log-2014-09-20 (16-08-34).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [440f69254320f0b2828c43ca0ea61111]
mbam-log-2014-10-17 (18-16-44).xml          File Size: 2500      BYTES    FileVersion:  N/A            MD5: [5ff45cd2fcc4bb73f8e74e25da639b32]
mbam-log-2014-10-30 (07-48-04).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [ccca151971e9d1375f9c35838e44d377]
mbam-log-2014-11-06 (07-57-12).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [cfa8d0bfe1f2af6869e23475aced5cc8]
mbam-log-2014-11-18 (19-11-22).xml          File Size: 2868      BYTES    FileVersion:  N/A            MD5: [901689c882f01628f12900fe69f389c5]
mbam-log-2014-11-18 (19-39-45).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [4be4f96aebf303093a049e67aeb1f72c]
mbam-log-2014-11-19 (09-07-58).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [4c5e78a0d5f14557adc6591f0ac0bbc2]
mbam-log-2014-12-07 (12-44-45).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [1df1cee8c95d26fa7cc11d5446acd700]
mbam-log-2014-12-15 (12-04-35).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [d3d5bcce523191a9a8ea371a49becbaf]
mbam-log-2014-12-17 (12-20-00).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [d75d164b341d67254e2a050fad261bd4]
mbam-log-2014-12-27 (10-07-59).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [af2849f3344a892b808bb14a257138df]
mbam-log-2014-12-28 (14-48-59).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [061e0ae9792c176411f255a42270a066]
mbam-log-2015-01-15 (16-47-15).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [d399260fb03d08d47dadb1dd63a308c8]
mbam-log-2015-01-29 (12-16-36).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [a6ba3320eae86f5bdd1aaf1aa8aecbbd]
mbam-log-2015-02-21 (15-58-42).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [d8070c12f9e4a0557fc5715594f051e7]
mbam-log-2015-03-07 (17-59-48).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [3d2a5dd9932102713d0be977f8c68dfa]
mbam-log-2015-03-29 (12-56-30).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [a08f32d8303c8ae62b6f75201361cb21]
mbam-log-2015-04-24 (15-22-05).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [5995e48853b5f8ff08215cd52e7b13b8]
mbam-log-2015-04-26 (19-59-05).xml          File Size: 2478      BYTES    FileVersion:  N/A            MD5: [66a5feca8ae5c03e067078e5fd9f776d]
mbam-log-2015-04-26 (20-03-37).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [67f435df11e081a0ca0017907e2a8681]
mbam-log-2015-05-18 (08-55-58).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [22b30b0bcf4f6f99c86bde26a870819e]
mbam-log-2015-06-19 (17-38-39).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [481392e4ee8f9844345171ebc74ddcc6]
mbam-log-2015-07-06 (17-15-28).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [dbf62125adf8f3a0625f07e4ce640c24]
mbam-log-2015-07-16 (12-17-34).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [b59d28529c892d5b1629b0cc4044f835]
mbam-log-2015-08-01 (16-51-55).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [9eb0264e52cfdf15b1eed56977fb13bd]
mbam-log-2015-08-22 (22-06-05).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [6fbefab71425f8c4ad121fa0288b9d13]
mbam-log-2015-09-06 (21-46-59).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [05644bd27c2fbd5b1c1f3a56d0754fe7]
mbam-log-2015-09-24 (07-40-43).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [6d780a87af887441bcd2296bd3741d11]
mbam-log-2015-10-11 (12-11-28).xml          File Size: 2496      BYTES    FileVersion:  N/A            MD5: [7c3726bc71f6340c9eca24ae04a6c24b]
mbam-log-2015-10-21 (22-06-46).xml          File Size: 2498      BYTES    FileVersion:  N/A            MD5: [f5a9b092d230011091bf01e04ac12351]
mbam-log-2015-11-04 (19-36-41).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [f5d2648fc99e76daaff47af0dcc81b4a]
mbam-log-2015-11-12 (08-13-49).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [2bd1e16915d959c863db071684fbbf9a]
mbam-log-2015-11-13 (06-36-25).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [34c6be5298b016338bbb5a805c022cbc]
mbam-log-2015-11-14 (07-40-58).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [e19efb63a94027fedc31588328c561f9]
mbam-log-2015-11-14 (08-19-18).xml          File Size: 2600      BYTES    FileVersion:  N/A            MD5: [d4d6a2d9701cc04479afa3673059f975]
mbam-log-2015-11-14 (08-45-47).xml          File Size: 2586      BYTES    FileVersion:  N/A            MD5: [7b91e570793883740bddd9c65eb3cef7]
mbam-log-2015-11-15 (07-35-13).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [e066bf3cdb86d2a96ab80f1cca1322a1]
mbam-log-2015-11-22 (09-52-51).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [b8ba735a269e3e257580bd4ae46c02a7]
mbam-log-2015-12-18 (21-09-24).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [a01d97c56816453a0b5368946af5c547]
mbam-log-2016-01-05 (07-42-57).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [88a88cdc08dd0329cc63aab473b15c9e]
mbam-log-2016-02-10 (21-28-48).xml          File Size: 3562      BYTES    FileVersion:  N/A            MD5: [d8ab44339813cf4b9045814d899b3978]
mbam-log-2016-02-26 (17-27-31).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [89df881ee84956e93eefc650f6d8f59c]
mbam-log-2016-03-11 (21-14-54).xml          File Size: 3798      BYTES    FileVersion:  N/A            MD5: [5d007aa9edb3659d4e09f91d7139c147]
mbam-log-2016-03-15 (08-31-58).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [c3557a0343be2ce68334574fa8c0b523]
mbam-log-2016-04-08 (19-53-46).xml          File Size: 3776      BYTES    FileVersion:  N/A            MD5: [56215cbf12993ad2af7f4b3dce01b5ea]
mbam-log-2016-04-24 (22-22-33).xml          File Size: 2600      BYTES    FileVersion:  N/A            MD5: [a875f8f7caef6f0864afc4c74f04dcb0]
mbam-log-2016-04-26 (07-37-33).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [67d3d47a488281342c89e3805ca8c0ee]
mbam-log-2016-04-27 (06-44-51).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [0bdab1a8c98134af537e904872ea3711]
mbam-log-2016-04-28 (06-50-15).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [e450ca788e4bd589de050fb054c3902b]
mbam-log-2016-04-29 (06-22-07).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [dd9a122120ceeb36f13ea6ebce14a7b4]
mbam-log-2016-04-30 (06-28-53).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [9d712623d7c8d001b5263df333b3d6fd]
mbam-log-2016-05-01 (06-59-34).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [d1ab0ec916fad0323cf90166f37f655f]
mbam-log-2016-05-01 (08-06-03).xml          File Size: 2600      BYTES    FileVersion:  N/A            MD5: [0135538a3fc02e7fdca783c4c8b4fab5]
mbam-log-2016-05-02 (02-18-59).xml          File Size: 2600      BYTES    FileVersion:  N/A            MD5: [c9a48524b908c12d1e74e1ae5f915d41]
mbam-log-2016-05-03 (06-50-04).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [a89022561e38c296d5066e39a2a03eb0]
mbam-log-2016-05-04 (02-03-07).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [78c26d31387f2dc8e94408adf7a32c82]
mbam-log-2016-05-05 (02-18-02).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [4be042dcad45adf38e5b6f5c91fbd436]
mbam-log-2016-05-06 (01-59-02).xml          File Size: 2600      BYTES    FileVersion:  N/A            MD5: [ffe3b6f3e80d00f449c59613879479e1]
mbam-log-2016-05-07 (06-44-19).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [a181d54065318dd01287a7b6b691fb74]
mbam-log-2016-05-07 (21-32-58).xml          File Size: 2600      BYTES    FileVersion:  N/A            MD5: [e6cb42c1d8635284c47697cec7c98e3c]
mbam-log-2016-05-08 (01-57-10).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [37ff6ecb6152de1117737ea8be32bc3b]
mbam-log-2016-05-09 (06-33-20).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [a7a41bd89bf725dfaad77ba81950a627]
mbam-log-2016-05-11 (16-40-58).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [39921ad370f73477f8cb0bac6f989814]
mbam-log-2016-05-15 (20-43-46).xml          File Size: 2602      BYTES    FileVersion:  N/A            MD5: [bc073b18622f36fbf4abf34156293e18]
protection-log-2014-05-18.xml               File Size: 667       BYTES    FileVersion:  N/A            MD5: [89c0b2808d5b7dfb1e9d245d8868f45f]
protection-log-2014-06-01.xml               File Size: 667       BYTES    FileVersion:  N/A            MD5: [f3635b29748347a763fdfeeda84d2e94]
protection-log-2014-06-02.xml               File Size: 4450      BYTES    FileVersion:  N/A            MD5: [ab7bc5d5dc92db1e8c16b708f719f5c5]
protection-log-2014-06-03.xml               File Size: 10550     BYTES    FileVersion:  N/A            MD5: [ccc009a763f35cda1c14154e8ffacf3c]
protection-log-2014-06-04.xml               File Size: 12283     BYTES    FileVersion:  N/A            MD5: [cec69c383ac245b9b60672b20cfefa28]
protection-log-2014-06-05.xml               File Size: 8497      BYTES    FileVersion:  N/A            MD5: [093e9630a3dcab445d04ad3fb1951089]
protection-log-2014-06-06.xml               File Size: 16358     BYTES    FileVersion:  N/A            MD5: [24ef521d73f594a088be9cfcb775c20b]
protection-log-2014-06-07.xml               File Size: 12281     BYTES    FileVersion:  N/A            MD5: [9bb6816d5ecf7e384099be3099228d20]
protection-log-2014-06-08.xml               File Size: 12280     BYTES    FileVersion:  N/A            MD5: [48ad1377b6836158756c112d8436e168]
protection-log-2014-06-09.xml               File Size: 20865     BYTES    FileVersion:  N/A            MD5: [d67c811160efc8aaa15aecc89eefbffd]
protection-log-2014-06-10.xml               File Size: 15493     BYTES    FileVersion:  N/A            MD5: [84b1b726bf621a464ef7e29d6b7d0384]
protection-log-2014-06-11.xml               File Size: 19571     BYTES    FileVersion:  N/A            MD5: [19bae47bfddc39956f476a4fc7ad8801]
protection-log-2014-06-12.xml               File Size: 23657     BYTES    FileVersion:  N/A            MD5: [ce2b81146ca2bcf09e6a810af543d328]
protection-log-2014-06-13.xml               File Size: 16370     BYTES    FileVersion:  N/A            MD5: [388cb7606b197b40c21e0e0adcee0a9b]
protection-log-2014-06-14.xml               File Size: 12292     BYTES    FileVersion:  N/A            MD5: [5eb60ae2b2799e8298c59d6b8b0e5411]
protection-log-2014-06-15.xml               File Size: 13454     BYTES    FileVersion:  N/A            MD5: [3effbcc1d0677eb36cebd991e1e9000c]
protection-log-2014-06-16.xml               File Size: 13454     BYTES    FileVersion:  N/A            MD5: [07b23d3c0137471acfa717dd0422deb4]
protection-log-2014-06-17.xml               File Size: 364       BYTES    FileVersion:  N/A            MD5: [2709ebc0f7d811ba004d47d475fa357f]
protection-log-2014-07-10.xml               File Size: 667       BYTES    FileVersion:  N/A            MD5: [f241520a239e8e47925548766ab78c49]
protection-log-2014-08-08.xml               File Size: 968       BYTES    FileVersion:  N/A            MD5: [411204c06f65822c7c2513d9a0bae88a]
protection-log-2014-08-29.xml               File Size: 666       BYTES    FileVersion:  N/A            MD5: [94861cc008ed808bb8a1b5041a360d52]
protection-log-2014-09-14.xml               File Size: 668       BYTES    FileVersion:  N/A            MD5: [2b872a1bcc0d2088fdccf91c6c240b13]
protection-log-2014-09-20.xml               File Size: 668       BYTES    FileVersion:  N/A            MD5: [796f100fd64bfe7e0b5d0bf8eb7a9d50]
protection-log-2014-10-17.xml               File Size: 670       BYTES    FileVersion:  N/A            MD5: [3d43cec9aae5d288327c97dedb482fc6]
protection-log-2014-10-30.xml               File Size: 2256      BYTES    FileVersion:  N/A            MD5: [cec503e3ab3b3204309f9fe0a3976229]
protection-log-2014-11-06.xml               File Size: 1041      BYTES    FileVersion:  N/A            MD5: [82a6f744beb92b29bd1ab8a6e56e4d21]
protection-log-2014-11-18.xml               File Size: 1412      BYTES    FileVersion:  N/A            MD5: [4c9a7cb3b85e0116bda151463f7498cf]
protection-log-2014-11-19.xml               File Size: 736       BYTES    FileVersion:  N/A            MD5: [033c7fedfc4a84420642c4982fa20e3b]
protection-log-2014-12-07.xml               File Size: 2567      BYTES    FileVersion:  N/A            MD5: [9161bae81f05fc08a2dc62e35b6600b3]
protection-log-2014-12-15.xml               File Size: 1041      BYTES    FileVersion:  N/A            MD5: [6797abc7fdda1c773bc26d57256ef6bb]
protection-log-2014-12-17.xml               File Size: 736       BYTES    FileVersion:  N/A            MD5: [146e60ef84b46f943db94c76bebcc4da]
protection-log-2014-12-27.xml               File Size: 1043      BYTES    FileVersion:  N/A            MD5: [e5043cb7278b4630d8bea417d8eadea0]
protection-log-2014-12-28.xml               File Size: 736       BYTES    FileVersion:  N/A            MD5: [58910a2b8fc270d8f9dbdc9d2a36510d]
protection-log-2015-01-15.xml               File Size: 1042      BYTES    FileVersion:  N/A            MD5: [acf629094e615943f24a68cc504ce6be]
protection-log-2015-01-29.xml               File Size: 735       BYTES    FileVersion:  N/A            MD5: [5221afbbe4cc01fc15685995fca0cd4f]
protection-log-2015-02-21.xml               File Size: 1039      BYTES    FileVersion:  N/A            MD5: [60fa8e89db6dcbbbf4dbd87213ab56d1]
protection-log-2015-03-07.xml               File Size: 1038      BYTES    FileVersion:  N/A            MD5: [ec624c829e9a5a5a9232b666e962caa5]
protection-log-2015-03-29.xml               File Size: 1346      BYTES    FileVersion:  N/A            MD5: [3b238f3318b4b0dddf0009257887f9da]
protection-log-2015-04-24.xml               File Size: 1347      BYTES    FileVersion:  N/A            MD5: [6743221a19134cfc8c902371dcc159c4]
protection-log-2015-04-26.xml               File Size: 1981      BYTES    FileVersion:  N/A            MD5: [d5172c598c28abd7a9414ceb9cb6cbc4]
protection-log-2015-05-18.xml               File Size: 2853      BYTES    FileVersion:  N/A            MD5: [4802fea6588b2014c012594ee8829239]
protection-log-2015-05-28.xml               File Size: 1730      BYTES    FileVersion:  N/A            MD5: [862ee438973d9946dfbbb081930da922]
protection-log-2015-06-19.xml               File Size: 1944      BYTES    FileVersion:  N/A            MD5: [82fdc219fd357087d0721928ab0b81b4]
protection-log-2015-07-06.xml               File Size: 1345      BYTES    FileVersion:  N/A            MD5: [11f7ba0ba43b82ae982f18e71b1ee725]
protection-log-2015-07-16.xml               File Size: 4602      BYTES    FileVersion:  N/A            MD5: [4d77317593d151c8fe1c95401468b4e6]
protection-log-2015-07-22.xml               File Size: 894       BYTES    FileVersion:  N/A            MD5: [08dac91ee2d9358914d5cedc8e0e5e1b]
protection-log-2015-08-01.xml               File Size: 2563      BYTES    FileVersion:  N/A            MD5: [a66998c0cceb1f8a8d318450f9d7f159]
protection-log-2015-08-13.xml               File Size: 894       BYTES    FileVersion:  N/A            MD5: [9dc526e5dde0eb4619837ef459feb39c]
protection-log-2015-08-20.xml               File Size: 894       BYTES    FileVersion:  N/A            MD5: [61c7e2a95d4864dd830c9a8c235a2fa7]
protection-log-2015-08-22.xml               File Size: 1959      BYTES    FileVersion:  N/A            MD5: [cda033260435ba8f116c1d7eceed0826]
protection-log-2015-09-06.xml               File Size: 1652      BYTES    FileVersion:  N/A            MD5: [31466a44efab41b4fe9f126e2ebe34d2]
protection-log-2015-09-09.xml               File Size: 894       BYTES    FileVersion:  N/A            MD5: [45aa90f5bce504b1cc8e117e4ce539e7]
protection-log-2015-09-24.xml               File Size: 2836      BYTES    FileVersion:  N/A            MD5: [14f558524ccea1f8553dceedfea5a900]
protection-log-2015-10-11.xml               File Size: 2792      BYTES    FileVersion:  N/A            MD5: [afcc36723fd807a8270c5a1bdd911887]
protection-log-2015-10-14.xml               File Size: 894       BYTES    FileVersion:  N/A            MD5: [eb7024ce7c9599e5539207d84cd2c578]
protection-log-2015-10-21.xml               File Size: 2171      BYTES    FileVersion:  N/A            MD5: [e12f3dae80b47d69ec530c368893b125]
protection-log-2015-10-22.xml               File Size: 430       BYTES    FileVersion:  N/A            MD5: [730600a4f626144c19d1266bce05cd31]
protection-log-2015-10-27.xml               File Size: 894       BYTES    FileVersion:  N/A            MD5: [6ff0232526ac2f62ddeb524020f8b909]
protection-log-2015-11-04.xml               File Size: 8021      BYTES    FileVersion:  N/A            MD5: [a0cac0664dc039badd907bb586ead017]
protection-log-2015-11-12.xml               File Size: 16216     BYTES    FileVersion:  N/A            MD5: [f0c6ca339cefcba2836585569ecda54b]
protection-log-2015-11-13.xml               File Size: 16224     BYTES    FileVersion:  N/A            MD5: [004c6e784f1e6782a962d3c9eb6e61d4]
protection-log-2015-11-14.xml               File Size: 22909     BYTES    FileVersion:  N/A            MD5: [814de2b65aa1e8637f1894745693f3cc]
protection-log-2015-11-15.xml               File Size: 7715      BYTES    FileVersion:  N/A            MD5: [f96094a308ddd9d0a16d0dd208ada75b]
protection-log-2015-11-22.xml               File Size: 2543      BYTES    FileVersion:  N/A            MD5: [3e77258d7c59469cf0bb03c30e46096c]
protection-log-2015-12-18.xml               File Size: 1962      BYTES    FileVersion:  N/A            MD5: [598a476f7a6431ab870fa735d28226e3]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
5477996274.data                             File Size: 850       BYTES    FileVersion:  N/A            MD5: [cc87ca6a2017f7812d8e4240c2fd54dd]
8439795826.data                             File Size: 768       BYTES    FileVersion:  N/A            MD5: [dfed1b87b9f8951f0bedd2c3702f7eba]
8439795826.quar                             File Size: 2952      BYTES    FileVersion:  N/A            MD5: [20504442219b9ade0856a992b40d16e7]

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.ASK, Date: 2016/04/08 23:54:59, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88D6D26B-7582-46B9-9BE2-4147BBC8C640}|Path
Vendor: PUP.Optional.ASK, Date: 2016/04/08 23:54:59, Type: Registry Key, Location: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{88D6D26B-7582-46B9-9BE2-4147BBC8C640}
===============================================================
END OF FILE


 

 


  • Root Admin

The other one is getting FRST logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 


I have never had occasion to use Safe Mode.  I pressed F8 just before the Windows starting logo appeared, but nothing happened.  My computer rebooted as usual.

I tried to post a screenshot of what I get when I try to run FRST64 (the Farbar download), but it won't work.  Basically, I get a box with the heading "Farbar Recovery Scan Tool".  Underneath, it says, "The tool is ready to use."  Below that is a blank "Search" box, and below that are four buttons -- "Scan", "Search Files", "Search Registry", and "Fix".  Then some check boxes below that.  .......... but I'm confused as to your last instructions.  You wrote I should press the "Scan" button and would get a FRST.txt log.  That's what I was doing when you said not to press buttons.  Instead, you instructed me to just re-run Farbar and it would produce an immediate log to attach.

I apologize.  I'm a bit upset and frustrated as I really don't understand what I'm doing.  Just trying to follow your instructions.  :-(

 

 


Here is the Farbar Recovery Scan result:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-05-2016
Ran by Owner (administrator) on OWNER-PC (18-05-2016 16:40:55)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [GwxControlPanelMonitor] => "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2011-05-16] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [876712 2016-05-12] (Webroot)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-25]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-05-18]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP DeskJet 3630 series.lnk [2016-05-18]
ShortcutTarget: Monitor Ink Alerts - HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{22DB2F9D-437F-4B1B-9D42-0DBD67E386DA}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{3DFFF366-1296-4DF0-B26B-429D10505D4A}: [DhcpNameServer] 168.94.0.14 168.94.0.15

Internet Explorer:
==================
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-220767598-3805166269-1260382394-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {7C452286-21F8-439C-90DB-F07CAC3CDD4C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7C452286-21F8-439C-90DB-F07CAC3CDD4C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {A3067FAB-23F1-4583-9FAF-920EAAE5A873} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-220767598-3805166269-1260382394-1000 -> {187178B6-6746-4F14-948A-AD03AFB1D478} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-220767598-3805166269-1260382394-1000 -> {7C452286-21F8-439C-90DB-F07CAC3CDD4C} URL = 
SearchScopes: HKU\S-1-5-21-220767598-3805166269-1260382394-1000 -> {A3067FAB-23F1-4583-9FAF-920EAAE5A873} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-15] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [2010-10-15] (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-10-15] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2f85i127.default-1395077546856
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Owner\New folder (2)\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: ((3) AlphaBetty Saga on Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhagcdmbdopakknimbcgcomemopdlenk [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Owner\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.14.1.0.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-05-16] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-05-16] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [876712 2016-05-12] (Webroot)
S3 disconnect-openvpn; C:\Users\Owner\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-18 15:55 - 2016-05-18 16:03 - 00013034 _____ C:\Users\Owner\Downloads\Addition.txt
2016-05-18 15:27 - 2016-05-18 16:40 - 00016840 _____ C:\Users\Owner\Downloads\FRST.txt
2016-05-18 15:26 - 2016-05-18 16:40 - 00000000 ____D C:\FRST
2016-05-18 11:18 - 2016-05-18 11:20 - 00064052 _____ C:\Users\Owner\Desktop\CheckResults.txt
2016-05-18 11:17 - 2016-05-18 11:17 - 00001258 _____ C:\Users\Owner\Desktop\mbam-check-2.3.2.0 - Shortcut.lnk
2016-05-18 11:15 - 2016-05-18 11:20 - 01706112 _____ (Malwarebytes) C:\Users\Owner\Downloads\mbam-check-2.3.2.0.exe
2016-05-18 11:09 - 2016-05-18 11:09 - 00001186 _____ C:\Users\Owner\Desktop\FRST64 (1) - Shortcut.lnk
2016-05-18 11:06 - 2016-05-18 11:09 - 02382336 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2016-05-18 11:03 - 2016-05-18 11:03 - 02382336 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-05-15 19:16 - 2016-05-15 19:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\MicrosoftFixit.dvd.MATSKB.Run (1).exe
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-05-11 18:11 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-05-11 18:11 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-05-11 18:11 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-05-11 18:11 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-05-11 18:11 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-05-11 18:11 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:11 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:11 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:11 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-05-11 18:11 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-05-11 18:11 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-05-11 18:11 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-05-11 18:11 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-05-11 18:11 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-05-11 18:11 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-05-11 18:11 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:11 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 17:56 - 2016-05-11 17:57 - 04596296 _____ (UltimateOutsider) C:\Users\Owner\Downloads\GWX_control_panel.exe
2016-05-11 11:59 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-05-07 21:33 - 2016-05-07 21:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\4061214F.sys
2016-05-05 20:09 - 2016-05-11 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 16:01 - 2016-05-04 16:01 - 00000000 ____D C:\windows\SysWOW64\GWX
2016-05-04 16:01 - 2016-05-04 16:01 - 00000000 ____D C:\windows\system32\GWX
2016-04-25 15:11 - 2016-04-25 15:11 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-04-25 15:11 - 2016-04-25 15:11 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-25 15:11 - 2016-04-25 15:11 - 00000000 ____D C:\Program Files\CCleaner
2016-04-25 15:10 - 2016-04-25 15:10 - 06868672 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup516 (1).exe
2016-04-25 15:06 - 2016-04-25 15:06 - 06868672 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup516.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-18 16:34 - 2015-05-28 19:48 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-18 16:22 - 2009-07-14 01:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-18 16:22 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-18 16:22 - 2009-07-14 00:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-18 16:22 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-05-18 16:14 - 2015-05-28 19:48 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-18 16:14 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-18 16:11 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-18 13:41 - 2012-02-04 11:10 - 00000000 ____D C:\ProgramData\WRData
2016-05-15 20:43 - 2015-11-12 09:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 19:01 - 2013-04-28 12:04 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-05-12 19:41 - 2015-05-28 19:56 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 08:49 - 2013-09-25 12:22 - 00117304 _____ (Webroot) C:\windows\system32\WRusr.dll
2016-05-12 08:49 - 2013-09-25 12:17 - 00182200 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2016-05-11 16:35 - 2014-12-27 11:32 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 16:29 - 2014-03-16 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-10 21:29 - 2015-05-28 19:48 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 21:29 - 2015-05-28 19:48 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-05 06:58 - 2014-12-11 09:06 - 00000000 ____D C:\windows\system32\appraiser
2016-04-25 15:12 - 2012-09-30 19:08 - 00000000 ____D C:\windows\Minidump
2016-04-25 15:12 - 2011-12-01 17:52 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-04-25 15:12 - 2010-10-14 21:37 - 00000000 ____D C:\windows\Panther
2016-04-25 08:25 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-04-24 22:20 - 2015-11-04 21:13 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-24 22:20 - 2015-11-04 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-24 22:20 - 2015-11-04 21:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-21 15:05 - 2011-06-03 07:23 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-18 11:54 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache

==================== Files in the root of some directories =======

2014-02-14 00:58 - 2014-02-14 00:58 - 49940480 _____ () C:\Program Files (x86)\GUTF467.tmp
2012-12-12 20:15 - 2012-12-12 20:15 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-01 21:05

==================== End of FRST.txt ========

 


  • Root Admin

Okay, let me have you run the following please. Once done post back the log.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 


When you say "disable your security applications"... do you mean to disable the Firewall? In addition, I have Malwarebytes (Free version), Windows Defender, and Webroot Security. Do I need to "uninstall" those... or can those simply be "disabled"? Thanks.


I'm confused again.  I ran Combofix from my Desktop.  I got the black screen with green lettering, running through files.  This lasted about one minute, then the dialog box disappeared.  No clock, nothing happening.  No evidence of a log created.  I'll reboot my computer now and try again.


I rebooted and ran ComboFix again.  It deleted, extracted, saved files and stopped again after one minute.  This time, I got a dialog box with Warning!  ComboFix has detected WebrootSecureAnywhere still actively running.  Please close before proceeding or machine damage can result.

I thought I had disabled Webroot by unchecking all boxes so that there is no scheduled scan. Obviously, I don't know how to disable Webroot. I searched online for information about this, and from the little I can understand, Webroot cannot, in fact, be disabled, but has to be temporarily uninstalled. I have no problem uninstalling it for good, but don't know how to do that. Webroot SecureAnywhere is not listed in my programs. ??

 


I just spent the past 2 hours on the phone with Webroot Support.  It took that long for an agent to uninstall Webroot SecureAnywhere from my computer.  I certainly could not have done it myself.  As part of the process, he had to re-install Webroot.  When he did a malware scan, the following threat was identified and removed:

Infection:  W32.Malware.Heur

Removed:  c:\programfiles(x86)\tweaking.com\registrybackup\tweakingregistrybackup.exe...

However, he told me to proceed with you as this threat may be just one part of a bigger issue.  I am ready to try running ComboFix again, but will wait for your go-ahead in light of what transpired above.  Thanks.     


  • Root Admin

Yes, please run Combofix again. Then wait for it to finish. It can take much longer than the 10 minutes it says on some systems. Let it run for a couple hours before you decide to try to stop it or reboot.

The file: c:\programfiles(x86)\tweaking.com\registrybackup\tweakingregistrybackup.exe...

Is just a generic detection and is not a threat issue at all to the computer.

Once the log is done please upload it as an attachment if possible.

Thank you

 


  • Root Admin

That looks good. Combofix was able to remove some items and fix a couple things.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

 


Step 4. Here is JRT.exe (Sorry, couldn't Attach this one for some reason). Will be back in a couple of hours to complete the rest.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Owner (Administrator) on Fri 05/20/2016 at  9:01:45.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 14 

Successfully deleted: C:\ProgramData\best buy pc app (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\best buy pc app (Folder) 
Successfully deleted: C:\Program Files (x86)\GUTF467.tmp (File) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQRJWZWL (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\prefetch\FREECELL.EXE-B8D57695.pf (File) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQRJWZWL (Temporary Internet Files Folder) 

Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C452286-21F8-439C-90DB-F07CAC3CDD4C} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A3067FAB-23F1-4583-9FAF-920EAAE5A873} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/20/2016 at  9:04:43.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Step 05.  I'm confused about the AdwCleaner instructions.  I did not see a "Report" button, so I just clicked on LogFile and below is what was on my Notepad.  Also, I do not understand about reviewing files/folders and unclicking the elements I want to save.  I wouldn't know what to save.  Please advise.

# AdwCleaner v5.117 - Logfile created 20/05/2016 at 11:39:11
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

File Found : C:\Users\Owner\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaanpaddaaoffccehffldolecpkgpej
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [4931 bytes] - [20/05/2016 11:39:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5004 bytes] ##########
 
