
MBAM Threat Scan stuck on Pre-Scan Operations.



System is XP Home fully updated.  I've been running the Premium edition of MBAM for years.  Today I started a Threat Scan and MBAM stayed on Pre-Scan Operations for over 20 minutes.  Tried to cancel the scan but pressing the cancel button had no effect.  Restarted computer and repeated threat scan with same result...hung at Pre-Scan Operation.  Restarted computer and removed and then reinstalled MBAM but still having same issue.

What next?

 


Hello and Welcome to Malwarebytes :)

2 minutes ago, TripodBob said:

System is XP Home fully updated

Technically this is not possible as Windows XP is no longer supported so there are no updates available to continue to patch XP.  That being said, let's try a clean reinstall of MBAM and see if it solves your issue.  Follow the steps below.

Let's try this first....

  1. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
  2. If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
  3. NOTE: More info about v2.2.1 HERE; User Guide ONLINE; User Guide PDF; FAQ: Common Questions, Issues, and their Solutions


Please let us know how it goes.

Thank You,

Firefox


Requested files.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-06-2016
Ran by My Name Here (administrator) on ROB (15-06-2016 12:48:19)
Running from C:\Documents and Settings\My Name Here\Desktop
Loaded Profiles: My Name Here &  (Available Profiles: My Name Here & kodak & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCD.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [814608 2016-06-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [InCD] => C:\Program Files\Nero\Nero 7\InCD\InCD.exe [1057328 2007-05-07] (Nero AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\vzinhomeagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\verizon\wrapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\verizon\wrapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\vzinhomeagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\vzinhomeagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\weather.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\verizon\wrapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\vzinhomeagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\wrdata\wrupdate3919656.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\verizon\wrapper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\weather.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\vzinhomeagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\wrdata\wrupdate3919656.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\verizon\wrapper.exe <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-04-06] (ATI Technologies Inc.)
HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-839522115-115176313-682003330-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-07] (Nero AG)
HKU\S-1-5-21-839522115-115176313-682003330-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [16432 2007-05-07] (Nero AG)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Startup: C:\Documents and Settings\My Name Here\Start Menu\Programs\Startup\Spamihilator.lnk [2015-02-21]
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{40628E54-3350-4389-A185-C4588B457EED}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-839522115-115176313-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-839522115-115176313-682003330-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-839522115-115176313-682003330-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-839522115-115176313-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\My Name Here\Application Data\Mozilla\Firefox\Profiles\o9buhfoa.default-1447643124975
FF DefaultSearchEngine.US: Google
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-13] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [No File]
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004: ncr.com/NCRImageScan -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\npNCRImageScan.dll [2011-10-17] (NCR Corporation)
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ncr.com/NCRImageScan -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\npNCRImageScan.dll [2011-10-17] (NCR Corporation)
FF Plugin HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF Extension: VTzilla - C:\Documents and Settings\My Name Here\Application Data\Mozilla\Firefox\Profiles\o9buhfoa.default-1447643124975\extensions\info@virustotal.com.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-22] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013-09-28] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [955712 2016-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [467016 2016-06-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [467016 2016-06-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1238968 2016-06-13] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [864816 2007-05-07] (Nero AG)
S4 KodakDigitalDisplayService; C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [98304 2009-05-14] (Orb Networks, Inc.) [File not signed]
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2015-08-26] (NETGEAR)
S3 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S3 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2010-12-01] (Oak Technology Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [109016 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137240 2016-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2016-06-13] (Windows (R) 2000 DDK provider)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43376 2016-03-16] ()
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [108592 2007-05-07] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [37040 2007-05-07] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16304 2007-05-07] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [39472 2007-05-07] (Nero AG)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [75504 2011-08-11] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-15] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2015-12-19] (CACE Technologies, Inc.)
S3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [14572 2002-02-11] (Padus, Inc.) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 PSMounterEx; C:\WINDOWS\system32\drivers\psmounterex.sys [65144 2013-08-01] (Paramount Software UK Ltd)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 rusb3hub; C:\WINDOWS\System32\DRIVERS\rusb3hub.sys [90248 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\WINDOWS\System32\DRIVERS\rusb3xhc.sys [180744 2012-08-27] (Renesas Electronics Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2016-02-17] (Avira Operations GmbH & Co. KG)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-15 12:48 - 2016-06-15 12:48 - 00040836 _____ C:\Documents and Settings\My Name Here\Desktop\FRST.txt
2016-06-15 12:43 - 2016-06-15 12:44 - 01706112 _____ (Malwarebytes) C:\Documents and Settings\My Name Here\Desktop\mbam-check-2.3.2.0.exe
2016-06-15 12:42 - 2016-06-15 12:43 - 01736192 _____ (Farbar) C:\Documents and Settings\My Name Here\Desktop\FRST.exe
2016-06-15 12:33 - 2016-06-15 12:34 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 12:32 - 2016-06-15 12:32 - 00000816 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-15 12:32 - 2016-06-15 12:32 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-15 12:32 - 2016-06-15 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-15 12:32 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-15 12:32 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-15 11:31 - 2016-06-15 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-06-13 21:31 - 2016-06-13 21:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-13 12:29 - 2016-06-13 12:29 - 00015600 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-15 12:48 - 2015-02-15 10:11 - 00000000 ____D C:\FRST
2016-06-15 12:48 - 2010-11-28 16:15 - 00000000 ____D C:\Documents and Settings\My Name Here\Local Settings\Temp
2016-06-15 12:47 - 2015-11-23 13:03 - 00000000 ____D C:\Documents and Settings\My Name Here\Desktop\Downloads from FireFox
2016-06-15 12:45 - 2012-10-20 19:31 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2016-06-15 12:44 - 2010-12-17 11:20 - 00000000 ____D C:\Documents and Settings\My Name Here\Desktop\Repair_Test Tools
2016-06-15 12:31 - 2010-11-28 10:11 - 00308308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-15 12:29 - 2014-03-30 10:37 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2016-06-15 12:26 - 2015-02-20 15:11 - 00000000 ____D C:\Documents and Settings\My Name Here\Application Data\Spamihilator
2016-06-15 12:26 - 2010-11-28 16:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-15 12:26 - 2004-08-04 08:00 - 00001374 _____ C:\WINDOWS\system32\wpa.dbl
2016-06-15 12:25 - 2014-01-16 12:20 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-06-15 12:25 - 2012-05-22 09:15 - 03837134 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-839522115-115176313-682003330-1004-0.dat
2016-06-15 12:25 - 2012-05-22 09:15 - 00278342 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-06-15 12:25 - 2010-11-28 16:15 - 00000178 ___SH C:\Documents and Settings\My Name Here\ntuser.ini
2016-06-15 12:25 - 2010-11-28 16:15 - 00000000 ____D C:\Documents and Settings\My Name Here
2016-06-15 12:25 - 2010-11-28 16:14 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-15 12:14 - 2016-04-08 23:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-15 11:03 - 2010-11-28 23:05 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\Quicken
2016-06-15 06:49 - 2010-12-01 16:15 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2016-06-15 05:41 - 2010-11-28 15:24 - 00000000 ____D C:\WINDOWS\Registration
2016-06-15 05:01 - 2010-11-28 15:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-06-14 23:22 - 2010-11-29 20:28 - 00000000 ____D C:\Program Files\Einstein
2016-06-14 18:43 - 2014-03-23 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-06-14 11:24 - 2010-11-28 10:06 - 00000000 ___DC C:\WINDOWS\system32\dllcache
2016-06-14 11:01 - 2012-11-26 20:35 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\Attachments
2016-06-14 10:38 - 2012-11-08 01:00 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\Agent Downloads
2016-06-13 21:45 - 2014-02-10 15:48 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-06-13 21:45 - 2014-02-10 15:48 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-06-13 21:35 - 2014-05-24 18:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-13 15:47 - 2010-11-30 23:23 - 00000000 ____D C:\Documents and Settings\My Name Here\Desktop\Lessons
2016-06-13 15:31 - 2011-04-08 10:04 - 00000000 ____D C:\Documents and Settings\My Name Here\My Documents\TurboTax
2016-06-13 15:16 - 2010-11-28 10:06 - 00000000 ___HD C:\WINDOWS\inf
2016-06-13 12:24 - 2014-05-04 08:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-06-13 10:54 - 2016-02-24 20:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-06-13 10:53 - 2016-02-24 20:22 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-06-13 10:46 - 2014-10-04 07:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-06-13 10:46 - 2014-03-31 12:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-06-13 10:46 - 2014-03-31 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit

==================== Files in the root of some directories =======

2015-07-19 14:03 - 2015-07-22 13:29 - 0004158 _____ () C:\Program Files\suit.log
2011-02-14 17:26 - 2011-02-14 17:26 - 0000036 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\housecall.guid.cache
2015-10-27 16:22 - 2015-10-27 16:22 - 0000594 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0001.tmp.bat
2015-10-27 16:22 - 2015-10-27 16:22 - 0000519 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0001.tmp_r.bat
2015-11-17 16:42 - 2015-11-17 16:42 - 0000594 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0002.tmp.bat
2015-11-17 16:42 - 2015-11-17 16:42 - 0000519 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\LMIR0002.tmp_r.bat
2015-10-27 09:42 - 2015-10-27 16:15 - 0000600 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\PUTTY.RND
2014-11-19 17:04 - 2014-11-19 17:04 - 0000719 _____ () C:\Documents and Settings\My Name Here\Local Settings\Application Data\recently-used.xbel
2012-08-05 14:46 - 2012-08-05 15:12 - 0000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2013-01-23 13:42 - 2013-01-23 13:42 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2012-01-23 21:51 - 2016-04-10 11:55 - 0001485 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2011-01-11 11:27 - 2011-04-23 15:10 - 0001454 _____ () C:\Documents and Settings\All Users\Application Data\ss.ini
2015-07-20 14:07 - 2014-06-16 15:18 - 0009216 _____ () C:\Documents and Settings\All Users\Application Data\Z@!-65b6bbaf-9b0a-467e-944b-3f9c1eb543ca.tmp

Some files in TEMP:
====================
C:\Documents and Settings\My Name Here\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-06-2016
Ran by My Name Here (2016-06-15 12:49:13)
Running from C:\Documents and Settings\My Name Here\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2010-11-30 14:39:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-839522115-115176313-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-115176313-682003330-1008 - Limited - Enabled)
Guest (S-1-5-21-839522115-115176313-682003330-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-839522115-115176313-682003330-1000 - Limited - Disabled)
kodak (S-1-5-21-839522115-115176313-682003330-1013 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\kodak
My Name Here (S-1-5-21-839522115-115176313-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\My Name Here
SUPPORT_388945a0 (S-1-5-21-839522115-115176313-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 21 ActiveX (HKLM\...\{FA944726-00F8-43B5-BB97-33E6FF409C22}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\{C4E4BF86-4E27-4B8B-8BF9-A5BF1C7573A4}) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Asoftech Data Recovery (HKLM\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden
ccc-core-preinstall (Version: 2010.0406.2133.36843 - ATI) Hidden
ccc-core-static (Version: 2010.0406.2133.36843 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CCS64 V3.9.1 (HKLM\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DESCENT II (HKLM\...\Descent2DeinstKey) (Version:  - )
DigitImg (Version: 2.00.0000 - Hewlett-Packard) Hidden
Doom 3 (HKLM\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
Doom 3 (Version: 1.00.0000 - Activision) Hidden
Einstein Puzzle (HKLM\...\Einstein) (Version:  - )
Elsie (HKLM\...\Elsie) (Version: 2.72 - Tonne Software)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Evince 2.32.0.145 (HKLM\...\{AA38CC00-F12C-495E-AF00-7EE413D3BFB2}) (Version: 2.32.0.145 - (Custom build))
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Finale SongWriter 2012 (HKLM\...\Finale SongWriter 2012) (Version: 2012..r3.0 - MakeMusic)
Folder Size (HKLM\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.6 - Brio)
Forté Agent (HKLM\...\{DA5ECEAB-28C6-4306-9FBB-811DEF6DD780}) (Version: 7.20.1218 - Forté Internet Software, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Memories Disc (HKLM\...\{D35191B3-F340-4C11-A4E0-8B09477B4302}) (Version: 1.0.8.816 - Hewlett-Packard Company)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
KEDDS (Version: 1.04.0000.0005 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6377 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MasterSplitter Program (HKLM\...\MasterSplitter) (Version:  - )
Media Go (HKLM\...\{7547239C-FA8A-4FA4-84A6-31EAC0777E1B}) (Version: 2.7.341 - Sony)
Media Go Network Downloader (HKLM\...\{73FA7631-3015-4EEC-A002-09488C47A07C}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.104.12040 (HKLM\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.104.12040 - Sony)
Microdem/Terra Base II (HKLM\...\Microdem/Terra Base II) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Bootvis (HKLM\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Tool Web Package:WntIpcfg.exe (HKLM\...\{EA82FF50-E258-4DFE-839B-8F26A01A34A7}) (Version: 1.0.0.1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
NCRImageScan (HKLM\...\{38D6A364-8601-4571-BBC9-FB91F48F0AE5}) (Version: 3.2.0.33 - NCR Corporation)
Nero 7 Essentials (HKLM\...\{E11BD6A7-5046-4D25-ABCB-386A54F71033}) (Version: 7.02.8124 - Nero AG)
neroxml (HKLM\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
NWZ-E380 WALKMAN Guide (HKLM\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
OneClickdigital Media Manager (HKLM\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
PS7700 (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSShortcuts (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSUsage (Version: 1.30.0000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quake 3 Arena Demo (HKLM\...\Quake 3 Arena Demo) (Version:  - )
Quicken 2011 (HKLM\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
R-Studio 7.2 (HKLM\...\R-Studio 7.2NSIS) (Version: 7.2.154997 - R-Tools Technology Inc.)
R-Studio Emergency Startup Media Creator 7.0 (HKLM\...\R-Studio Emergency Startup Media Creator 7.0NSIS) (Version: 7.0.551 - R-Tools Technology Inc.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Sansa Updater (HKU\S-1-5-21-839522115-115176313-682003330-1004\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Sansa Updater (HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
SFR (Version: 7.00.0000.0004 - Eastman Kodak Company) Hidden
Software Updater (HKLM\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
Spamihilator 1.6.0 (32 bit) (HKLM\...\{961B37CC-64A0-4F1C-900C-80DD57D2B788}) (Version: 1.6.0 - Michel Krämer)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vz In Home Agent (HKLM\...\{149C2374-E707-4B53-A487-A2DA2064E03D}) (Version: 8.03.41 - Verizon)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinUpdatesList (HKLM\...\WinUpdatesList) (Version: 1.23 - NirSoft)
Wrapper (HKLM\...\{394E7D98-28C7-4CD8-B503-7E43BC43A0F2}) (Version: 1.00.0000 - Verizon)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-839522115-115176313-682003330-1004_Classes\CLSID\{2B4C13BC-0DEB-40D4-B33D-1A1D320F004D}\InprocServer32 -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\NCRScanServerPS.dll ()
CustomCLSID: HKU\S-1-5-21-839522115-115176313-682003330-1004_Classes\CLSID\{6D3C4877-F0BE-46AD-8C8B-FCF954BDB1F5}\localserver32 -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\NCRScanServer.exe (NCR Corporation)
CustomCLSID: HKU\S-1-5-21-839522115-115176313-682003330-1004_Classes\CLSID\{FEA4FCB7-C3C0-591D-A2FC-D707ED32BEC8}\InprocServer32 -> C:\Documents and Settings\My Name Here\Application Data\NCR Corporation\NCRImageScan\3.2.0.33\npNCRImageScan.dll (NCR Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 12:49 - 2013-09-05 12:49 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll
2010-12-06 23:39 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2005-05-03 07:38 - 2005-05-03 19:38 - 00064512 _____ () C:\WINDOWS\system32\P17.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2015-11-17 04:23 - 2015-11-17 04:23 - 00672256 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2015-11-17 04:08 - 2015-11-17 04:08 - 01691136 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2015-11-10 05:52 - 2015-11-10 05:52 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2015-11-10 05:53 - 2015-11-10 05:53 - 00631296 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2015-11-17 04:13 - 2015-11-17 04:13 - 06942208 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 21:55 - 2014-06-29 21:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2015-11-10 06:49 - 2015-11-10 06:49 - 01165312 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2015-11-15 23:34 - 2015-11-15 23:34 - 02979854 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 16:27 - 2012-10-15 16:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 16:28 - 2012-10-15 16:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2015-11-17 04:14 - 2015-11-17 04:14 - 01058304 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 04:39 - 2014-09-11 04:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2015-11-15 23:34 - 2015-11-15 23:34 - 01205248 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2015-11-10 03:55 - 2015-11-10 03:55 - 11147776 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2015-11-15 23:35 - 2015-11-15 23:35 - 02593280 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2015-11-17 04:15 - 2015-11-17 04:15 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2015-11-17 04:16 - 2015-11-17 04:16 - 00892928 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2015-11-10 06:17 - 2015-11-10 06:17 - 00438272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-08-25 15:07 - 2013-08-25 15:07 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-08-25 15:16 - 2013-08-25 15:16 - 00381952 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qmng.dll
2013-08-25 15:09 - 2013-08-25 15:09 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-08-25 15:16 - 2013-08-25 15:16 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qtga.dll
2013-08-25 15:16 - 2013-08-25 15:16 - 00390144 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qtiff.dll
2013-08-25 15:16 - 2013-08-25 15:16 - 00045056 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qwbmp.dll
2015-11-10 05:52 - 2015-11-10 05:52 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2015-04-17 06:36 - 2015-04-17 06:36 - 00146944 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2015-08-24 04:41 - 2015-08-24 04:41 - 02360622 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2015-03-28 10:50 - 2015-03-28 10:50 - 00113152 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\NETGEAR_PLC_L2_API.dll
2015-02-03 06:09 - 2015-02-03 06:09 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 02:00 - 2014-09-04 02:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 02:00 - 2014-09-04 02:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 16:28 - 2012-10-15 16:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 16:28 - 2012-10-15 16:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 16:28 - 2012-10-15 16:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 16:28 - 2012-10-15 16:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2015-11-17 04:16 - 2015-11-17 04:16 - 00642560 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2015-11-10 06:18 - 2015-11-10 06:18 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 22:33 - 2014-06-29 22:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 02:00 - 2014-09-04 02:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2014-04-27 19:19 - 2014-04-27 19:19 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-27 19:20 - 2014-04-27 19:20 - 00270336 _____ () C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-02-20 15:10 - 2015-02-20 15:10 - 00060416 _____ () C:\Program Files\Spamihilator\zlib1.dll
2015-02-20 15:10 - 2015-02-20 15:10 - 00279040 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2015-08-26 10:21 - 2015-08-26 10:21 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2004-08-04 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:638E6F6B [136]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-839522115-115176313-682003330-1004\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\amidoncorp.com -> hxxps://www.amidoncorp.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\express-scripts.com -> hxxps://www.express-scripts.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\malwarebytes.org -> hxxps://forums.malwarebytes.org
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\medcohealth.com -> hxxps://host1.medcohealth.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\microsoft.com -> hxxp://v4.windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\microsoft.com -> hxxps://v4.windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\pccuing.org -> hxxps://www.pccuing.org
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004\...\vanguard.com -> vanguard.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\amidoncorp.com -> hxxps://www.amidoncorp.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\express-scripts.com -> hxxps://www.express-scripts.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\malwarebytes.org -> hxxps://forums.malwarebytes.org
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\medcohealth.com -> hxxps://host1.medcohealth.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\microsoft.com -> hxxp://v4.windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\microsoft.com -> hxxps://v4.windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\pccuing.org -> hxxps://www.pccuing.org
IE trusted site: HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\vanguard.com -> vanguard.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2016-06-13 22:14 - 00505052 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 11958 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-839522115-115176313-682003330-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\My Name Here\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-839522115-115176313-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\My Name Here\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-839522115-115176313-682003330-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-839522115-115176313-682003330-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-839522115-115176313-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 10.0.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\MagicTune Premium\MagicTune.exe] => Disabled:MagicTune
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Q3Ademo\quake3.exe] => Disabled:quake3
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\My Name Here\Local Settings\Temp\7zS4DE4\EnterpriseDU.exe] => Enabled:DeviceUpdate
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe
StandardProfile\AuthorizedApplications: [D:\Common\EpsonNet Setup\ENEasyApp.exe] => Enabled:EpsonNet Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\setup_wm.exe] => Disabled:setup_wm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\mplayer2.exe] => Disabled:mplayer2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Raptr\raptr.exe] => Disabled:Raptr Desktop App
StandardProfile\AuthorizedApplications: [C:\Program Files\Raptr\raptr_im.exe] => Disabled:Raptr IM
StandardProfile\AuthorizedApplications: [C:\Program Files\Webroot\WRSA.exe] => Enabled:Webroot SecureAnywhere
StandardProfile\AuthorizedApplications: [C:\Program Files\Spamihilator\spamihilator.exe] => Enabled:Spamihilator
StandardProfile\AuthorizedApplications: [C:\Program Files\Spamihilator\cdcc.exe] => Enabled:Spamihilator DCC Filter Configuration
StandardProfile\AuthorizedApplications: [C:\Program Files\Spamihilator\dccproc.exe] => Enabled:Spamihilator DCC Filter
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe] => Enabled:VSDC Free Video Editor
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashIntegro\VideoEditor\Updater.exe] => Enabled:VSDC Free Video Editor Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe] => Enabled:NETGEAR Genie
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Digital Display\KodakDigitalDisplaySoftware.exe] => Enabled:Kodak digital display software
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe] => Enabled:KodakDigitalDisplayService
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmdbexport.exe] => :LocalSubNet:Enabled:wmdbexport.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmlaunch.exe] => :LocalSubNet:Enabled:wmlaunch.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmsetsdk.exe] => :LocalSubNet:Enabled:wmsetsdk.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmplayer.exe] => :LocalSubNet:Disabled:wmplayer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpenc.exe] => :LocalSubNet:Disabled:wmpenc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpnetwk.exe] => :LocalSubNet:Disabled:wmpnetwk.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpnscfg.exe] => :LocalSubNet:Disabled:wmpnscfg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Media Player\wmpshare.exe] => :LocalSubNet:Disabled:wmpshare.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

16-04-2016 12:42:57 System Checkpoint
16-04-2016 12:47:33 Software Distribution Service 3.0
16-04-2016 16:52:10 Software Distribution Service 3.0
16-04-2016 16:59:46 Software Distribution Service 3.0
16-04-2016 18:22:37 Software Distribution Service 3.0
16-04-2016 18:27:08 Software Distribution Service 3.0
17-04-2016 19:09:17 System Checkpoint
18-04-2016 10:14:58 Installed Windows XP KB942288-v3.
19-04-2016 03:01:08 Software Distribution Service 3.0
19-04-2016 11:04:27 Software Distribution Service 3.0
19-04-2016 11:05:34 Software Distribution Service 3.0
19-04-2016 16:21:41 Software Distribution Service 3.0
20-04-2016 17:15:35 System Checkpoint
21-04-2016 13:32:40 Restore Point Created by FRST
22-04-2016 03:01:23 Software Distribution Service 3.0
22-04-2016 16:06:44 Software Distribution Service 3.0
23-04-2016 03:01:16 Software Distribution Service 3.0
24-04-2016 07:06:19 System Checkpoint
25-04-2016 07:47:54 System Checkpoint
26-04-2016 08:28:36 System Checkpoint
27-04-2016 09:48:43 System Checkpoint
28-04-2016 11:23:39 System Checkpoint
29-04-2016 12:14:36 System Checkpoint
30-04-2016 12:15:42 System Checkpoint
13-06-2016 16:15:16 System Checkpoint
13-06-2016 21:44:25 Removed Adobe Flash Player 21 NPAPI.
13-06-2016 21:45:07 Removed Adobe Flash Player 21 ActiveX.
13-06-2016 21:47:14 Removed Java 8 Update 77
14-06-2016 22:43:17 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2016 11:04:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application qw.exe, version 20.1.8.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2016 05:12:35 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x4ec67403.
Error in creating result PEAP-TLV in response to received PEAP-TLV (spoolsv.exe!ld!)

Error: (06/14/2016 10:56:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application agent.exe, version 7.20.1218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2016 10:56:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application agent.exe, version 7.20.1218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2016 10:56:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application agent.exe, version 7.20.1218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (06/15/2016 12:10:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/15/2016 10:22:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 08:40:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 06:40:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 05:13:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/14/2016 11:25:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (40000 milliseconds) waiting for a transaction response from the MBAMService service.


==================== Memory info ===========================

Processor: AMD FX(tm)-4100 Quad-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 3325.48 MB
Available physical RAM: 2057.93 MB
Total Virtual: 8038.77 MB
Available Virtual: 6355.85 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:298.08 GB) (Free:187.64 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 000ADE0F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Potential issues:
==============================

LAN Settings: No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows XP Service Pack 3 Service Pack 3 32 bit Operating System
Current Version and Build:         5.1.2600 OS Product Info: Home Edition


Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/06/15
Malware Database:                  2016.06.15.04
Rootkit Database:                  2016.05.27.01
Remediation Database:              2016.05.25.01
IP Database:                       2016.06.15.01
Domain Database:                   2016.06.15.04
License:                           Premium
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/06/15 13:16:53

User Information for Local System:
===========================================
User Account: Administrator
    Account Level: Admin
User Account: ASPNET
    Account Level: Limited User
User Account: Guest
    Account Level: Guest
User Account: HelpAssistant
    Account Level: Guest
User Account: kodak
    Account Level: Admin
User Account: My Name Here
    Account Level: Admin
User Account: SUPPORT_388945a0
    Account Level: Guest
Total # of user entries: 7

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    Couldn't Open ENABLELUA policy
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    Couldn't Open UAC Policies

AntiVirus Information:
===================
AntiVirus Software Installed:    "Avira Antivirus"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
NO AntiSpyware Software Installed

Machine Information
===============================================
Machine ID:    65657d4779cb61f830fc9684ff494024a6ffbff6
Machine ID2:    8172f48ced95e0ecbf6407cd504f7aa503efd52a
Windows ID:    6ad96771-1803-43b4-afa3-112083d08e4e
NicMAC Address:    
BIOS ID:    GBT    - 42302e31:Award Modular BIOS v6.00PG::10/18/12
Machine ID3:    65657d4779cb61f830fc9684ff494024a6ffbff6
Installation Token:    k4CJ4zrksBK_Anin3xJ11444769453
System has been up for:     0.848056 Hours
System has been booted within the last hour
Current Date:    2016-Jun-15 17:16:54.015625
Date Booted:    2016-Jun-15 17:16:54.015625

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\WINDOWS\system32\notepad.exeREG_SZ        EnableNXShowUI
    C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exeREG_SZ        ELEVATECREATEPROCESS
    C:\WINDOWS\system32\spoolsv.exeREG_SZ        EnableNXShowUI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exeREG_SZ        ELEVATECREATEPROCESS


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size: 24448     BYTES    FileVersion: 0.1.16.0    MD5: [a1d52db330e18b5a7a718d31d950ca87]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size: 170200    BYTES    FileVersion: 0.3.0.4    MD5: [5023f594d5448e16f920157174c61358]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size: 123264    BYTES    FileVersion: 1.1.22.0    MD5: [24a4b357d906d3cb52f370338fa3b62c]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


Required Dependencies:
======================

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    Type                          REG_DWORD        2
    Start                         REG_DWORD        0
    ErrorControl                  REG_DWORD        1
    Tag                           REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    DisplayName                   REG_SZ        FltMgr
    Group                         REG_SZ        FSFilter Infrastructure
    Description                   REG_SZ        File System Filter Manager Driver
    AttachWhenLoaded              REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security
    Security                      REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1


C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 129792    BYTES    FileVersion: 5.1.2600.5512    MD5: [b2cf4b0786f8212cb92ed2b50c6db6b0]
C:\WINDOWS\system32\comctl32.ocx
File Size: 608448    BYTES    FileVersion: 6.0.81.5    MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\WINDOWS\system32\mscomctl.ocx
File Size: 1066176   BYTES    FileVersion: 6.0.88.62    MD5: [714cf24fc19a20ae0dc701b48ded2cf6]
C:\WINDOWS\system32\olepro32.dll
File Size: 84992     BYTES    FileVersion: 5.1.2600.5512    MD5: [5652f6ce1d9e9d8068b9d29bc21b5409]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              -15
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       3000
ScanHistory:
    Duration_Driver:                                           0
    Duration_Filesystem:                                       96000
    Duration_Heuristics:                                       8000
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          44000
    Duration_Registry:                                         3000
    Duration_Sector:                                           0
    Duration_Startup:                                          7000
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      6890
    ItemCount_Heuristics:                                      108509
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        38948
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         447
    LastRemovalRequiredDOR:                                    false
    LastScanDateEpoch:                                         1466008530625
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2016-06-15T16:34:31
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    7
    ProxyPassword:                                              
    ProxyPort:                                                 0
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Premium
  Expiration Time:                                              
  Activation Time:                                             2016/06/15 12:34:20
  Trial Used:                                                  true
--------------Access Policies:--------------

Scheduler Queue:
================

tasks:
    1c1bd69a-f36f-40cb-aa13-2f3814728b27:                       
      parameters:                                               
        AutoDelete:                                            false
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:                                             
          ExportLog:                                           true
          FileSystemOption:                                    true
          Quarantine:                                          Prompt
          RebootSystemWhenMalwareDetected:                     false
          ScanArchives:                                        true
          ScanExtra:                                           true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             Treat Detections as Malware
          ScanPUP:                                             Treat Detections as Malware
          ScanRegistry:                                        true
          ScanRootkits:                                        false
          ScanSource:                                          1
          ScanStartup:                                         true
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true
        StartTaskFromSystemAccount:                            false
        TaskType:                                              0
      triggers:                                                 
        65b730f2-09f9-4e55-9478-2f99edafd21d:                   
          dateinterval:                                        1:0:0 (Days:Months:Years)
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Thu, 16 Jun 2016 03:19:51 -0400
          recovery:                                            23:00:00 (Hours:Minutes:Seconds)
          start:                                               Thu, 16 Jun 2016 03:24:04 -0400
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds)
          type:                                                Daily
          uuid:                                                65b730f2-09f9-4e55-9478-2f99edafd21d
      type:                                                    scan
      uuid:                                                    1c1bd69a-f36f-40cb-aa13-2f3814728b27
    3f265d52-21fc-4cf3-b6ad-6a1861abe662:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             false
        TaskType:                                              3
      triggers:                                                 
        73a44cb8-146f-4984-afb9-ec72c971305c:                   
          dateinterval:                                        0:0:0 (Days:Months:Years)
          lastscheduled:                                       Wed, 15 Jun 2016 12:38:54.468750 -0400
          lasttriggered:                                       Wed, 15 Jun 2016 12:38:54.468750 -0400
          nextscheduled:                                       Wed, 15 Jun 2016 13:46:47.468750 -0400
          recovery:                                            00:00:00 (Hours:Minutes:Seconds)
          start:                                               Wed, 15 Jun 2016 12:36:34.468750 -0400
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds)
          type:                                                Hourly
          uuid:                                                73a44cb8-146f-4984-afb9-ec72c971305c
      type:                                                    update
      uuid:                                                    3f265d52-21fc-4cf3-b6ad-6a1861abe662

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
    PendingFileRenameOperations    REG_MULTI_SZ    \??\C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll.old

 

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\WINDOWS\system32\drivers\mbam.sys
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

    DependOnGroup                 REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
    PassThruFile                  REG_SZ        mbampt.exe
    ProductPath                   REG_SZ        C:\Program Files\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Security
    Security                      REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
    0                             REG_SZ        Root\LEGACY_MBAMPROTECTOR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe"
    DependOnService               REG_MULTI_SZ    MBAMProtector

    DependOnGroup                 REG_DWORD        0
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security
    Security                      REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Enum
    0                             REG_SZ        Root\LEGACY_MBAMSERVICE\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe"
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware scheduler
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler\Security
    Security                      REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler\Enum
    0                             REG_SZ        Root\LEGACY_MBAMSCHEDULER\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

LAN Settings:
=============

No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's startup Folder Exists.


Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files\Malwarebytes Anti-Malware

 

List of MBAM Related Directories:
=================================


C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Configuration

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs
protection-log-2016-06-15.xml               File Size: 6055      BYTES    FileVersion:  N/A            MD5: [5bc7f11f56c8dfdba08630ac51b0f261]

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

  • Root Admin

You have a few things that could probably warrant having someone assist in malware removal, but for now let me have you try doing a full disk check and see if that helps or not.

Please click on START and command prompt. CMD.EXE from the run line.

Then type in the following.

CHKDSK C: /R

Then it will say it cannot lock the drive. Press the Y key and then the Enter key and then restart your computer and let the disk check run. It can take a few hours to run if you have a large drive.

After it restarts again then try a new Threat Scan and let us know if it's still hanging or not.

Thank you

Chkdsk sez:

Cleaning up minor inconsistencies on the drive.
Cleaning up 13 unused index entries from index $SII of file 0x9.
Cleaning up 13 unused index entries from index $SDH of file 0x9.
Cleaning up 13 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

 312560608 KB total disk space.
 115227960 KB in 130030 files.
     47292 KB in 10902 indexes.
        16 KB in bad sectors.
    244936 KB in use by the system.
     65536 KB occupied by the log file.
 197040404 KB available on disk.

      4096 bytes in each allocation unit.
  78140152 total allocation units on disk.
  49260101 allocation units available on disk.

Windows has finished checking your disk.

MBAM currently 17 minutes running and still in Pre-Scan Operations.


  • Root Admin

The bad sectors should be marked by the OS so that it does not access them.

Well, at this point we probably need to run some other scanners. Can you please post a new topic in the malware removal section and have someone assist you with checking for an infection?

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.


Thanks
