Jump to content

Recommended Posts

Receiving following errors:

mwb-rootkit.jpg

as well as another box the pops up saying " Error:  Malywarebytes was unable to load the Anti-RootKit Driver. Error Code: 20025. Do you want to continue scan without anti-rootkit support?"

Have followed directions for MBAM clean, to fully remove and install Malwarebytes.  Unfortunately this did not resolve problem.  How do I proceed?  I apologize in advance as I am not tech savvy.

Link to post
Share on other sites

Hello amiller73:

The analysis experts would most likely appreciate the following to begin with:

  1. Please read the topic Diagnostic Logs and then individually ATTACH the 3 requested logs in your next reply to this thread only.
  2. The 3 files, from Step 1, to be individually ATTACHED from your desktop are CheckResults.txt, FRST.txt and Addition.txt. Please do not Zip or Copy and Paste them into a reply. Please do not alter, any FRST categories as the configuration is well suited for this forum.


Thank You.

Link to post
Share on other sites

Hopefully I have done this correctly. 
 
 
 
can result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02
Ran by Alison_2 (ATTENTION: The user is not administrator) on ALISONHP (27-06-2016 07:00:53)
Running from C:\Users\Alison_2\Downloads
Loaded Profiles: Alison & Alison_2 (Available Profiles: Alison & Alison_2 & Jackson & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> TrueSuiteService.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> svchost.exe
Failed to access process -> HPDrvMntSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> jhi_service.exe
Failed to access process -> n360.exe
Failed to access process -> svchost.exe
Failed to access process -> mqsvc.exe
Failed to access process -> pdfsvc.exe
Failed to access process -> HPClientServices.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> FitbitConnectService.exe
Failed to access process -> SMSvcHost.exe
Failed to access process -> SMSvcHost.exe
Failed to access process -> mbamservice.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> esrv_svc.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
Failed to access process -> svchost.exe
Failed to access process -> iPodService.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Users\Alison_2\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Google Inc.) C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
Failed to access process -> SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
Failed to access process -> fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> rundll32.exe
Failed to access process -> VSSVC.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> sihost.exe
Failed to access process -> mbam.exe
Failed to access process -> taskhostw.exe
Failed to access process -> RuntimeBroker.exe
Failed to access process -> explorer.exe
Failed to access process -> unsecapp.exe
Failed to access process -> ShellExperienceHost.exe
Failed to access process -> SearchUI.exe
Failed to access process -> n360.exe
Failed to access process -> hkcmd.exe
Failed to access process -> igfxpers.exe
Failed to access process -> OneDrive.exe
Failed to access process -> hpwuschd2.exe
Failed to access process -> jusched.exe
Failed to access process -> esrv.exe
Failed to access process -> conhost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> ApplicationFrameHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> svchost.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> Fitbit Connect.exe
Failed to access process -> ApplePhotoStreams.exe
Failed to access process -> APSDaemon.exe
Failed to access process -> iCloudServices.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [Amazon Music] => C:\Users\Alison_2\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-20] ()
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Run: [Google Update] => C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-02] (Google Inc.)
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\RunOnce: [Uninstall C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-08] (Symantec Corporation)
Startup: C:\Users\Alison_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-09-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{e6a63496-cdb4-47f3-ace8-c1f620148c62}: [NameServer] 75.75.75.75,75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
URLSearchHook: [S-1-5-21-4210471962-3087493860-930690135-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4210471962-3087493860-930690135-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-20] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll [2014-09-22] (WhiteSky)
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies S.A.)
 
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4210471962-3087493860-930690135-1003 -> hxxp://my.xfinity.com/
 
FireFox:
========
FF ProfilePath: C:\Users\Alison_2\AppData\Roaming\Mozilla\Firefox\Profiles\l9bh9g3r.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-01-24] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-21] ()
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @nsroblox.roblox.com/launcher -> C:\Users\Alison_2\AppData\Local\Roblox\Versions\version-e1544481252d4990\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @nsroblox.roblox.com/launcher64 -> C:\Users\Alison_2\AppData\Local\Roblox\Versions\version-e1544481252d4990\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alison_2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @talk.google.com/O1DPlugin -> C:\Users\Alison_2\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Alison_2\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Alison_2\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-4210471962-3087493860-930690135-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alison_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison_2\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison_2\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-06-20]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-04-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
 
Chrome:
=======
CHR Profile: C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-21]
CHR Extension: (Star Wars VII: Kylo Ren's Saber) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\agihmbgondgffhpjdhldopeigmpldbid [2016-01-21]
CHR Extension: (Google Docs) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-21]
CHR Extension: (Google Drive) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-21]
CHR Extension: (YouTube) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-21]
CHR Extension: (Google Search) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-21]
CHR Extension: (Website Logon) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2015-06-12]
CHR Extension: (Google Sheets) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-21]
CHR Extension: (Gmail) - C:\Users\Alison_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-21]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R3 lmhosts; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\N360.exe [289080 2016-06-16] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160621.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160624.001\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-12] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160620.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160620.002\EX64.SYS [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-27 07:00 - 2016-06-27 07:01 - 00029982 _____ C:\Users\Alison_2\Downloads\FRST.txt
2016-06-27 06:49 - 2016-06-27 07:00 - 00000000 ____D C:\FRST
2016-06-27 06:48 - 2016-06-27 06:48 - 02389504 _____ (Farbar) C:\Users\Alison_2\Downloads\FRST64.exe
2016-06-26 10:13 - 2016-06-26 10:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1F356559.sys
2016-06-26 09:01 - 2016-06-26 09:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\06492DD8.sys
2016-06-25 22:50 - 2016-06-27 07:01 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-25 22:50 - 2016-06-25 22:50 - 01380712 _____ C:\Users\Alison_2\Downloads\SteamSetup (2).exe
2016-06-25 22:50 - 2016-06-25 22:50 - 00001034 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-25 22:50 - 2016-06-25 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-25 22:16 - 2016-06-25 22:16 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-25 22:16 - 2016-06-25 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-25 22:16 - 2016-06-25 22:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-25 22:16 - 2016-06-25 22:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-25 22:16 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-25 22:16 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-25 22:16 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-25 21:36 - 2016-06-25 21:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\18FD21C9.sys
2016-06-25 21:35 - 2016-06-25 21:35 - 01380712 _____ C:\Users\Alison_2\Downloads\SteamSetup (1).exe
2016-06-25 21:29 - 2016-06-25 21:29 - 01380712 _____ C:\Users\Alison_2\Downloads\SteamSetup.exe
2016-06-20 17:37 - 2016-06-20 17:38 - 00780354 _____ C:\Users\Alison_2\Downloads\PTC News Jun 17, 2016.pdf
2016-06-20 11:09 - 2016-06-20 11:09 - 00002415 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-06-15 04:22 - 2016-05-27 21:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 04:22 - 2016-05-27 21:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 04:22 - 2016-05-27 21:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 04:22 - 2016-05-27 21:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 04:22 - 2016-05-27 21:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 04:22 - 2016-05-27 21:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 04:22 - 2016-05-27 21:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 04:22 - 2016-05-27 21:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 04:22 - 2016-05-27 21:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 04:22 - 2016-05-27 21:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 04:22 - 2016-05-27 21:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 04:22 - 2016-05-27 21:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 04:22 - 2016-05-27 21:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 04:22 - 2016-05-27 21:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 04:22 - 2016-05-27 21:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 04:22 - 2016-05-27 21:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 04:22 - 2016-05-27 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 04:22 - 2016-05-27 21:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 04:22 - 2016-05-27 21:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 04:22 - 2016-05-27 21:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 04:22 - 2016-05-27 21:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 04:22 - 2016-05-27 21:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 04:22 - 2016-05-27 21:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 04:22 - 2016-05-27 21:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 04:22 - 2016-05-27 21:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 04:22 - 2016-05-27 21:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 04:22 - 2016-05-27 20:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 04:21 - 2016-05-27 23:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 04:21 - 2016-05-27 23:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 04:21 - 2016-05-27 23:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 04:21 - 2016-05-27 22:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 04:21 - 2016-05-27 22:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 04:21 - 2016-05-27 22:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 04:21 - 2016-05-27 22:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 04:21 - 2016-05-27 22:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 04:21 - 2016-05-27 22:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 04:21 - 2016-05-27 22:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 04:21 - 2016-05-27 22:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 04:21 - 2016-05-27 22:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 04:21 - 2016-05-27 21:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 04:21 - 2016-05-27 21:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 04:21 - 2016-05-27 21:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 04:21 - 2016-05-27 21:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 04:21 - 2016-05-27 21:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 04:21 - 2016-05-27 21:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 04:21 - 2016-05-27 21:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 04:21 - 2016-05-27 21:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 04:21 - 2016-05-27 21:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 04:21 - 2016-05-27 21:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 04:21 - 2016-05-27 21:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 04:21 - 2016-05-27 21:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 04:21 - 2016-05-27 21:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 04:21 - 2016-05-27 21:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 04:21 - 2016-05-27 21:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 04:21 - 2016-05-27 21:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 04:21 - 2016-05-27 21:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 04:21 - 2016-05-27 21:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 04:21 - 2016-05-27 21:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 04:21 - 2016-05-27 21:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 04:21 - 2016-05-27 21:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 04:21 - 2016-05-27 21:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 04:21 - 2016-05-27 21:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 04:21 - 2016-05-27 21:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 04:21 - 2016-05-27 21:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 04:21 - 2016-05-27 21:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 04:21 - 2016-05-27 21:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 04:21 - 2016-05-27 21:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 04:21 - 2016-05-27 21:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 04:21 - 2016-05-27 21:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 04:21 - 2016-05-27 21:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 04:21 - 2016-05-27 21:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 04:21 - 2016-05-27 21:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 04:21 - 2016-05-27 21:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 04:21 - 2016-05-27 21:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 04:21 - 2016-05-27 21:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 04:21 - 2016-05-27 21:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 04:21 - 2016-05-27 21:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 04:21 - 2016-05-27 21:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 04:21 - 2016-05-27 21:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 04:21 - 2016-05-27 21:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 04:21 - 2016-05-27 21:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 04:21 - 2016-05-27 21:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 04:21 - 2016-05-27 21:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 04:21 - 2016-05-27 21:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 04:21 - 2016-05-27 21:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 04:21 - 2016-05-27 21:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 04:21 - 2016-05-27 21:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 04:21 - 2016-05-27 21:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 04:21 - 2016-05-27 21:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 04:21 - 2016-05-27 21:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 04:21 - 2016-05-27 21:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 04:21 - 2016-05-27 21:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 04:21 - 2016-05-27 21:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 04:21 - 2016-05-27 21:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 04:21 - 2016-05-27 21:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 04:21 - 2016-05-27 21:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 04:21 - 2016-05-27 21:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 04:21 - 2016-05-27 21:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 04:21 - 2016-05-27 21:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 04:21 - 2016-05-27 21:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 04:21 - 2016-05-27 21:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 04:21 - 2016-05-27 21:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 04:21 - 2016-05-27 20:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 04:21 - 2016-05-27 20:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 04:21 - 2016-05-27 20:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 04:21 - 2016-05-27 20:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 04:20 - 2016-05-27 23:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 04:20 - 2016-05-27 23:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 04:20 - 2016-05-27 23:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 04:20 - 2016-05-27 22:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 04:20 - 2016-05-27 22:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 04:20 - 2016-05-27 22:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 04:20 - 2016-05-27 22:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 04:20 - 2016-05-27 22:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 04:20 - 2016-05-27 22:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 04:20 - 2016-05-27 22:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 04:20 - 2016-05-27 22:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 04:20 - 2016-05-27 22:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 04:20 - 2016-05-27 22:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 04:20 - 2016-05-27 22:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 04:20 - 2016-05-27 22:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 04:20 - 2016-05-27 22:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 04:20 - 2016-05-27 22:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 04:20 - 2016-05-27 22:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 04:20 - 2016-05-27 22:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 04:20 - 2016-05-27 22:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 04:20 - 2016-05-27 22:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 04:20 - 2016-05-27 22:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 04:20 - 2016-05-27 22:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 04:20 - 2016-05-27 22:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 04:20 - 2016-05-27 22:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 04:20 - 2016-05-27 22:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 04:20 - 2016-05-27 22:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 04:20 - 2016-05-27 22:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 04:20 - 2016-05-27 22:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 04:20 - 2016-05-27 22:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 04:20 - 2016-05-27 22:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 04:20 - 2016-05-27 21:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 04:20 - 2016-05-27 21:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 04:20 - 2016-05-27 21:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 04:20 - 2016-05-27 21:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 04:20 - 2016-05-27 21:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 04:20 - 2016-05-27 21:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 04:20 - 2016-05-27 21:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 04:20 - 2016-05-27 21:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 04:20 - 2016-05-27 21:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 04:20 - 2016-05-27 21:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 04:20 - 2016-05-27 21:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 04:20 - 2016-05-27 21:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 04:20 - 2016-05-27 21:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 04:20 - 2016-05-27 21:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 04:20 - 2016-05-27 21:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 04:20 - 2016-05-27 21:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 04:20 - 2016-05-27 21:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 04:20 - 2016-05-27 21:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 04:20 - 2016-05-27 21:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 04:20 - 2016-05-27 21:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 04:20 - 2016-05-27 21:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 04:20 - 2016-05-27 21:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 04:20 - 2016-05-27 21:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 04:20 - 2016-05-27 21:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 04:20 - 2016-05-27 21:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 04:20 - 2016-05-27 21:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 04:20 - 2016-05-27 21:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 04:20 - 2016-05-27 21:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 04:20 - 2016-05-27 21:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 04:20 - 2016-05-27 21:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 04:20 - 2016-05-27 21:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 04:20 - 2016-05-27 21:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 04:20 - 2016-05-27 21:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 04:20 - 2016-05-27 21:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 04:20 - 2016-05-27 21:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 04:20 - 2016-05-27 21:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 04:20 - 2016-05-27 21:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 04:20 - 2016-05-27 21:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 04:20 - 2016-05-27 21:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 04:20 - 2016-05-27 21:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 04:20 - 2016-05-27 21:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 04:20 - 2016-05-27 21:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 04:20 - 2016-05-27 21:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 04:20 - 2016-05-27 21:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 04:20 - 2016-05-27 21:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 04:20 - 2016-05-27 21:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 04:20 - 2016-05-27 21:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 04:20 - 2016-05-27 21:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 04:20 - 2016-05-27 21:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 04:20 - 2016-05-27 21:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 04:20 - 2016-05-27 21:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 04:20 - 2016-05-27 21:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 04:20 - 2016-05-27 21:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 04:20 - 2016-05-27 21:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 04:20 - 2016-05-27 21:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 04:20 - 2016-05-27 21:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 04:20 - 2016-05-27 21:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 04:20 - 2016-05-27 21:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 04:20 - 2016-05-27 21:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 04:20 - 2016-05-27 21:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 04:20 - 2016-05-27 21:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 04:20 - 2016-05-27 21:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 04:20 - 2016-05-27 21:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 04:20 - 2016-05-27 21:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 04:20 - 2016-05-27 21:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 04:20 - 2016-05-27 21:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 04:20 - 2016-05-27 21:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 04:20 - 2016-05-27 21:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 04:20 - 2016-05-27 20:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 04:20 - 2016-05-27 20:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 04:20 - 2016-05-27 20:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 04:20 - 2016-05-27 20:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-08 08:51 - 2016-06-08 08:51 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-08 08:51 - 2016-06-08 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-08 08:50 - 2016-06-08 08:51 - 00000000 ____D C:\Program Files\iTunes
2016-06-08 08:50 - 2016-06-08 08:50 - 00000000 ____D C:\Program Files\iPod
2016-06-08 08:50 - 2016-06-08 08:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-06 08:13 - 2016-06-06 08:13 - 00069936 _____ C:\Users\Alison_2\Downloads\TheDigestiveSystem.pdf
2016-06-04 08:11 - 2016-06-04 08:11 - 00178034 _____ C:\Users\Alison_2\Downloads\WalkerGarbage052716.pdf
2016-06-03 18:02 - 2016-06-03 18:02 - 00686061 _____ C:\Users\Alison_2\Downloads\PTC News Jun 03, 2016.pdf
2016-06-02 09:48 - 2016-06-02 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-27 06:58 - 2011-12-21 16:38 - 00000000 ____D C:\Users\Alison_2\AppData\LocalLow\AuthenTec
2016-06-27 06:55 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-27 06:54 - 2015-09-09 09:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 06:54 - 2012-01-02 23:13 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-27 06:54 - 2011-12-21 16:21 - 00000000 ____D C:\Users\Alison\AppData\LocalLow\AuthenTec
2016-06-27 06:47 - 2011-10-12 02:53 - 00000000 ____D C:\ProgramData\truesuite
2016-06-27 06:43 - 2014-01-05 14:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-27 06:38 - 2012-01-02 23:13 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-26 20:30 - 2011-12-29 16:48 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForALISONHP$.job
2016-06-26 20:09 - 2011-12-21 19:10 - 00000000 ____D C:\Users\Alison_2\AppData\Local\CrashDumps
2016-06-26 19:29 - 2016-01-21 21:13 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4210471962-3087493860-930690135-1003Core.job
2016-06-26 14:21 - 2014-01-10 19:49 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlison_2.job
2016-06-26 12:58 - 2015-03-13 15:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-26 11:42 - 2012-08-01 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2016-06-26 11:42 - 2012-08-01 09:21 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-06-26 11:21 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-26 10:15 - 2016-01-13 14:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-26 10:15 - 2011-10-12 02:49 - 00000000 ____D C:\ProgramData\PDFC
2016-06-26 08:58 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-25 23:00 - 2016-01-09 16:05 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2016-06-25 21:38 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-06-25 21:38 - 2015-01-31 16:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 21:38 - 2015-01-31 16:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-25 21:31 - 2016-01-13 16:05 - 00000000 ____D C:\Users\Alison_2\AppData\Local\Packages
2016-06-23 12:18 - 2015-01-31 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-22 09:12 - 2016-01-13 16:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-20 11:32 - 2014-01-05 13:16 - 00000000 ____D C:\ProgramData\Oracle
2016-06-20 11:22 - 2016-01-18 18:38 - 00000000 ____D C:\Users\Alison_2\.oracle_jre_usage
2016-06-20 11:22 - 2014-10-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-20 11:22 - 2012-02-02 17:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-20 11:21 - 2016-01-18 18:37 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-06-20 11:10 - 2016-01-14 11:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-06-20 11:10 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-20 11:09 - 2016-01-13 14:20 - 00000000 ____D C:\Users\Alison_2
2016-06-20 11:09 - 2015-04-01 10:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-06-20 11:06 - 2015-04-01 10:13 - 00101112 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-06-20 11:06 - 2015-04-01 10:13 - 00008270 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-06-18 15:20 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-18 13:22 - 2016-01-13 14:12 - 00301344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-18 13:19 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-18 13:19 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-18 13:19 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-18 13:13 - 2014-10-18 08:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-18 12:31 - 2016-01-19 16:38 - 00001140 _____ C:\Users\Alison_2\Desktop\nativelog.txt
2016-06-18 12:30 - 2013-01-11 17:45 - 00000000 ____D C:\Users\Alison_2\AppData\Roaming\.minecraft
2016-06-18 10:43 - 2011-10-12 02:49 - 00000000 ____D C:\Program Files (x86)\PDF Complete
2016-06-17 18:40 - 2015-04-01 10:09 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 18:40 - 2015-04-01 10:09 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 07:38 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-15 07:33 - 2013-07-10 03:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 07:23 - 2012-08-07 12:32 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 11:33 - 2016-05-24 14:07 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 11:33 - 2016-05-24 14:07 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-08 08:50 - 2011-12-21 22:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-02 06:13 - 2016-01-13 14:19 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-02 06:00 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
 
==================== Files in the root of some directories =======
 
2011-10-12 02:52 - 2011-06-09 16:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2013-01-14 23:56 - 2013-01-15 00:01 - 0012976 _____ () C:\Users\Alison_2\AppData\Roaming\Comma Separated Values (Windows).CAL
2012-01-02 12:54 - 2013-12-04 13:00 - 0000173 _____ () C:\Users\Alison_2\AppData\Local\msmathematics.qat.Alison_2
2015-04-19 08:32 - 2015-04-19 08:32 - 0000000 _____ () C:\Users\Alison_2\AppData\Local\{E51AA556-1167-49B1-8573-BBB31387344D}
2013-01-16 11:18 - 2013-01-16 11:18 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
 
 
dditional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
Ran by Alison_2 (2016-06-27 07:01:45)
Running from C:\Users\Alison_2\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-13 23:04:55)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-4210471962-3087493860-930690135-500 - Administrator - Disabled)
Alison (S-1-5-21-4210471962-3087493860-930690135-1000 - Administrator - Enabled) => C:\Users\Alison
Alison_2 (S-1-5-21-4210471962-3087493860-930690135-1003 - Limited - Enabled) => C:\Users\Alison_2
DefaultAccount (S-1-5-21-4210471962-3087493860-930690135-503 - Limited - Disabled)
Guest (S-1-5-21-4210471962-3087493860-930690135-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4210471962-3087493860-930690135-1006 - Limited - Enabled)
Jackson (S-1-5-21-4210471962-3087493860-930690135-1004 - Limited - Enabled) => C:\Users\Jackson
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Get Yahoo! Messenger (HKLM-x32\...\Get Yahoo! Messenger) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.273 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
LEGO® Jurassic World (HKLM-x32\...\Steam App 352400) (Version:  - TT Games Ltd)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Mabinogi (HKLM-x32\...\Mabinogi) (Version:  - devCAT)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Motorola Device Manager (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROBLOX Player for Alison_2 (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Alison_2 (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Torch (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\Torch) (Version: 29.0.0.5394 - Torch Media, Inc) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-4210471962-3087493860-930690135-1003\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job =>
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4210471962-3087493860-930690135-1003Core.job => C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4210471962-3087493860-930690135-1003UA.job => C:\Users\Alison_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForALISONHP$.job =>
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlison_2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-12 10:32 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 10:32 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 14:09 - 2016-05-24 14:09 - 00959168 _____ () C:\Users\Alison_2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-15 04:20 - 2016-05-27 20:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-19 05:17 - 2016-04-19 05:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-13 14:07 - 2016-01-13 14:07 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 19:22 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 04:21 - 2016-05-27 20:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 04:20 - 2016-05-27 20:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-15 04:21 - 2016-05-27 20:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 04:21 - 2016-05-27 20:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-27 11:14 - 2015-07-20 22:02 - 05887808 _____ () C:\Users\Alison_2\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-01-18 19:15 - 2015-11-25 22:36 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-01-18 19:15 - 2015-11-25 22:46 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-01-18 19:15 - 2015-11-25 22:45 - 00185496 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4210471962-3087493860-930690135-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alison_2\Pictures\Jeff Vietnam 3_2015\P1020661.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Creative WebCam Tray => C:\Program Files (x86)\Creative\Shared Files\CAMTRAY.EXE
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN296BXGNC05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{C690BDAF-04CB-47AE-8290-FA2DBC769642}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D73FABE-402A-4302-BAED-B249B4A68DB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{208229AB-1429-4DFF-ABE6-63396C2C8DBE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{31D87CCA-EE6E-4792-80DF-0747C1DEE1EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5AB1CE48-29E6-45E2-A5C4-75026E3E058E}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zSF388.tmp\SymNRT.exe
FirewallRules: [{1B0E3F99-69B6-4850-A65A-27B782CA9A28}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zSF388.tmp\SymNRT.exe
FirewallRules: [{704DD0EF-948B-4C8F-BDFE-968318F94246}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E7433654-9C80-4BEF-AEEE-75D470A8974B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94CE31C2-3FF8-4A6B-9DFF-CA18990D7E3D}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{BF55E9F8-8B69-49B1-AB8C-8A6080CA7706}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{52502181-B07A-44D0-8419-76B2EEDF69D4}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS4CD2\HPDiagnosticCoreUI.exe
FirewallRules: [{95FC1602-B4A8-4DC1-AE42-E1780A5FEF4D}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS4CD2\HPDiagnosticCoreUI.exe
FirewallRules: [{8132AD7D-DB8B-4D70-8E48-56672CD7FBCB}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS3D6F\HPDiagnosticCoreUI.exe
FirewallRules: [{00D83074-C4EB-4C4A-96CE-83EEE80550C2}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS3D6F\HPDiagnosticCoreUI.exe
FirewallRules: [{BE5FC637-AC0B-4C0E-A9EF-3A1EFA4DE70C}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS28CD\HPDiagnosticCoreUI.exe
FirewallRules: [{66D7066F-5E1C-408E-A04F-3CAFB8844A5C}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS28CD\HPDiagnosticCoreUI.exe
FirewallRules: [{BE8A9E68-6448-4219-BC0A-EA53B60975D6}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{CDFEF599-F03B-4BB3-904F-36B86459FE31}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{61321D3A-0AB2-47DB-B27F-C7CB261999D8}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{AD70F4CB-5DB9-466B-9F0D-349580A193E4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{ABA1BEE8-08D5-4FE6-9909-506780619135}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{72658F51-0FB8-4C96-A170-5B6D4949DA6A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{69DA08A9-9365-4F10-98D2-1DA4013C786C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{D456A896-E28B-4573-BFD7-6F366DDFE55F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{D36C869F-9170-493F-955F-C5B5BBB2D313}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{FC32EA84-20D7-4648-B7B8-B3D9FA39EF37}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS69EA\HPDiagnosticCoreUI.exe
FirewallRules: [{89EE8DC1-7520-42E1-A022-C6D719A1C590}] => (Allow) C:\Users\Alison\AppData\Local\Temp\7zS69EA\HPDiagnosticCoreUI.exe
FirewallRules: [{92DC7EB8-2829-49EC-974D-EBAFB1B9A86F}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{31B454A6-BF59-4425-98DE-6D72026FBAD3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{9FF35612-721E-4998-BEAD-473506DDB2C2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F995E64E-462B-4E25-9097-2DD89D2C9F5A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7E08BB73-3B9C-4BFE-94C5-4B51A60526F8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DA7376BA-F2EE-4D90-988D-854CA5988502}] => (Allow) LPort=1900
FirewallRules: [{DD478BFB-D7BC-4C27-AFE5-62D3F063199F}] => (Allow) LPort=2869
FirewallRules: [{F929A970-C0E6-492F-B58D-2B5951D1B5C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D963A9BD-C486-42B7-BF27-B2F3DD3A436F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{31603311-6352-4432-AC50-2086FD8C7706}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{30D56280-AA33-4BE3-8A74-B55AB9BF02FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{FA3ABCD3-BC0D-4837-AF28-2BC00236220A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{86E80672-D173-449C-871A-1D3486ED490E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97CFE2B1-735B-4667-9006-5152C281650A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{26802BF2-98E5-45F9-A4F2-B192CEB7DD6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64D68D7A-D641-42BF-A4EF-DFD7AD0E16FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{061A4BE4-22A4-4C66-BCAC-814BFC040E3D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3755A88C-1630-49D8-9B94-CB56A1AB12CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CDFD6BA1-210E-4978-8ECD-BDCEE3999AD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{EACA8FA9-EF14-46E5-AC37-1099161D29BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{286C1510-3A41-4D47-9115-6CCFDA53F051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{B2C34586-F18B-4993-BB35-C3FA486BEFD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
mbam-check result log version:     2.3.2.0
========================================
 
User Account type:                 Limited User
DomainComputer:                    No
OS:                                Windows 10  64 bit Operating System
Current Version and Build:         10.0.10586 OS Product Info: Home Edition
 

Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/06/25
Malware Database:                  2016.06.27.03
Rootkit Database:                  2016.05.27.01
Remediation Database:              2016.06.21.01
IP Database:                       2016.06.27.01
Domain Database:                   2016.06.27.01
License:                           Premium
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/06/27 07:09:36
 
User Information for Local System:
===========================================
User Account: Administrator
 Account Level: Admin
User Account: Alison
 Account Level: Admin
User Account: Alison_2
 Account Level: Limited User
User Account: DefaultAccount
 Account Level: Guest
User Account: Guest
 Account Level: Guest
User Account: HomeGroupUser$
 Account Level: Guest
User Account: Jackson
 Account Level: Limited User
Total # of user entries: 7
 
UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
 DWORD 1 Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
 DWORD 5 Status: ON
 
AntiVirus Information:
===================
AntiVirus Software Installed: "Norton Security Suite"
AntiVirus Software Installed: "Windows Defender"
 
FireWall Information:
===================
3rd Party Firewall Software Installed: "Norton Security Suite"
 
AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "Norton Security Suite"
 
Machine Information
===============================================
Machine ID: a9e54fcf31b2cac71fbb71b274827270a4fe861c
Installation Token: LkqoMEzVxW8_Es2hmz8F1466918238
System has been up for:  20.9106 Hours
Current Date: 2016-Jun-27 14:09:36.274230
Date Booted: 2016-Jun-26 18:09:36.274230
 
Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    true
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware
 
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\Program Files\Logitech\SetPointP\SetPoint.exeREG_SZ  DISABLEUSERCALLBACKEXCEPTION
 C:\Users\Alison_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YH9CD9KD\MabinogiSetup190R.exeREG_SZ  VISTARTM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size: 27008     BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb]
C:\WINDOWS\system32\drivers\mwac.sys
File Size: 65408     BYTES FileVersion: 1.0.6.0 MD5: [898415ac0b5f1d2a9a48abcb68a6dc4b]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size: 140672    BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 

--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
 DisplayName                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1001
 ErrorControl                  REG_DWORD  1
 Group                         REG_SZ  NetworkProvider
 ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
 Start                         REG_DWORD  2
 Type                          REG_DWORD  32
 Description                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1002
 DependOnService               REG_MULTI_SZ RpcSs
 
 ObjectName                    REG_SZ  NT AUTHORITY\LocalService
 ServiceSidType                REG_DWORD  3
 RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
 FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
 ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 ServiceDllUnloadOnStop        REG_DWORD  1
 ServiceMain                   REG_SZ  BfeServiceMain
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
 AttachWhenLoaded              REG_DWORD  1
 DisplayName                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
 ErrorControl                  REG_DWORD  3
 Group                         REG_SZ  FSFilter Infrastructure
 ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
 Start                         REG_DWORD  0
 Tag                           REG_DWORD  1
 Type                          REG_DWORD  2
 Description                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 

C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 377696    BYTES FileVersion: 6.2.10586.0 MD5: [25d7a58625e1453e40d36825de74e4f1]
C:\WINDOWS\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES FileVersion: 6.1.98.46 MD5: [273676426739b02a45a0fc9349500b65]
C:\WINDOWS\SysWOW64\olepro32.dll
File Size: 88576     BYTES FileVersion: 6.2.10586.420 MD5: [56deb6f17f290b8c4af8b2aa10097b55]
 

MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              -15
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Marketing:
    LastPostScanMarketingIndex:                                2
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       3000
ScanHistory:
    Duration_Complete:                                         22423
    Duration_Driver:                                           0
    Duration_Filesystem:                                       23
    Duration_Heuristics:                                       968050
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          9584
    Duration_Registry:                                         10263
    Duration_Sector:                                           0
    Duration_Startup:                                          7899
    ItemCount_Complete:                                        169967
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      60672
    ItemCount_Heuristics:                                      44795
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        798
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         1036
    LastRemovalRequiredDOR:                                    false
    LastScanDateEpoch:                                         1467018801530
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2016-06-27T13:13:33
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    1
    ProxyPassword:                                             
    ProxyPort:                                                 0
    ProxyServer:                                               
    ProxyUsername:                                             
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
    CheckProgramUpdates:              true
--------------Account:--------------
  Account Status:                                              Premium
  Expiration Time:                                             2016/07/10 05:17:19
  Activation Time:                                             2016/06/25 22:19:11
  Trial Used:                                                  true
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks:
    11ff8439-b8e9-4993-b5d0-0cac36e6ad2e:                      
      parameters:                                              
        AutoDelete:                                            false
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:                                            
          ExportLog:                                           true
          FileSystemOption:                                    true
          Quarantine:                                          Prompt
          RebootSystemWhenMalwareDetected:                     false
          ScanArchives:                                        true
          ScanExtra:                                           true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             Treat Detections as Malware
          ScanPUP:                                             Treat Detections as Malware
          ScanRegistry:                                        true
          ScanRootkits:                                        false
          ScanSource:                                          1
          ScanStartup:                                         true
          ScanTargets:                                         
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true
        StartTaskFromSystemAccount:                            false
        TaskType:                                              0
      triggers:                                                
        c1e84b30-070c-438e-91c5-b795fa984bdc:                  
          dateinterval:                                        1:0:0 (Days:Months:Years)
          lastscheduled:                                       Mon, 27 Jun 2016 02:13:19.010622 -0700
          lasttriggered:                                       Mon, 27 Jun 2016 02:13:19.010622 -0700
          nextscheduled:                                       Tue, 28 Jun 2016 02:00:15 -0700
          recovery:                                            23:00:00 (Hours:Minutes:Seconds)
          start:                                               Sun, 26 Jun 2016 02:12:11 -0700
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds)
          type:                                                Daily
          uuid:                                                c1e84b30-070c-438e-91c5-b795fa984bdc
      type:                                                    scan
      uuid:                                                    11ff8439-b8e9-4993-b5d0-0cac36e6ad2e
    62728ac3-b673-417a-b263-ee85cd91c499:                      
      parameters:                                              
        NotifyWhenUpdateCompletes:                             false
        TaskType:                                              3
      triggers:                                                
        69e4316a-4ea6-4c1d-abc1-472b75b73705:                  
          dateinterval:                                        0:0:0 (Days:Months:Years)
          lastscheduled:                                       Mon, 27 Jun 2016 06:10:27.071381 -0700
          lasttriggered:                                       Mon, 27 Jun 2016 06:10:27.071381 -0700
          nextscheduled:                                       Mon, 27 Jun 2016 07:15:11.071107 -0700
          recovery:                                            00:00:00 (Hours:Minutes:Seconds)
          start:                                               Sat, 25 Jun 2016 23:00:11.071107 -0700
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds)
          type:                                                Hourly
          uuid:                                                69e4316a-4ea6-4c1d-abc1-472b75b73705
      type:                                                    update
      uuid:                                                    62728ac3-b673-417a-b263-ee85cd91c499
 
Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
 PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Alison\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
 Type                          REG_DWORD  2
 Start                         REG_DWORD  3
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys
 Group                         REG_SZ  FSFilter Anti-Virus
 DependOnService               REG_MULTI_SZ FltMgr
 
 WOW64                         REG_DWORD  1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
 DefaultInstance               REG_SZ  MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
 Altitude                      REG_SZ  328800
 Flags                         REG_DWORD  0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
 PassThruFile                  REG_SZ  mbampt.exe
 ProductPath                   REG_SZ  C:\Program Files (x86)\Malwarebytes Anti-Malware
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
 Type                          REG_DWORD  16
 Start                         REG_DWORD  2
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
 DependOnService               REG_MULTI_SZ MBAMProtector
 
 WOW64                         REG_DWORD  1
 ObjectName                    REG_SZ  LocalSystem
 Description                   REG_SZ  Malwarebytes Anti-Malware service
 DelayedAutostart              REG_DWORD  0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
 Type                          REG_DWORD  16
 Start                         REG_DWORD  2
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
 WOW64                         REG_DWORD  1
 ObjectName                    REG_SZ  LocalSystem
 Description                   REG_SZ  Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 

TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
 SystemPartition REG_SZ  \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
  h:mm:ss tt
  AM
  PM
  :
 
Currently:
REG_SZ  h:mm:ss tt
REG_SZ  AM
REG_SZ  PM
REG_SZ  :
 
Language and Regional Settings:
===============================
 
ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 

Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
 (Default):                    REG_SZ  IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
 (Default):                    REG_SZ  MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
 (Default):                    REG_SZ  MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes Anti-Malware
 

List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                   File Size: 922080    BYTES FileVersion:  9.20.0.0       MD5: [14079a2411fa2bb7f78bc100c92bbcc2]
changes.txt                              File Size: 1596      BYTES FileVersion:  N/A            MD5: [09371a0c8bd9e9554571da257d554d3e]
cloud-enumeration.dll                    File Size: 287200    BYTES FileVersion:  1.0.1.0        MD5: [84ac20b9327dbd4d94039be93384dad5]
cloud.dll                                File Size: 352736    BYTES FileVersion:  1.0.1.0        MD5: [5659790448fb136a80be407c4a0dbb50]
license.rtf                              File Size: 38870     BYTES FileVersion:  N/A            MD5: [ed36ea764c3a452334416713c8cf1eed]
master.conf                              File Size: 1258      BYTES FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                 File Size: 609760    BYTES FileVersion:  1.0.40.0       MD5: [c4a51c1cb174066fdaf383c09f0d574b]
mbam.exe                                 File Size: 9926112   BYTES FileVersion:  2.3.173.0      MD5: [8e98e3ec16d2641005b4748cd330fb45]
mbamcore.dll                             File Size: 2127840   BYTES FileVersion:  1.3.24.0       MD5: [63ce66ef2b30a09308eafe29baec6a75]
mbamdor.exe                              File Size: 55264     BYTES FileVersion:  1.0.2.0        MD5: [297c1bdcc26adb339d4c0f0550e434d6]
mbamext.dll                              File Size: 431072    BYTES FileVersion:  3.1.1.0        MD5: [67a6ec1735c77c2623b49cc1f284c8a0]
mbampt.exe                               File Size: 40928     BYTES FileVersion:  1.0.57.0       MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b]
mbamresearch.exe                         File Size: 1949152   BYTES FileVersion:  1.1.1.0        MD5: [e601f9ca6a72493bc8185bedda17eee8]
mbamscheduler.exe                        File Size: 1514464   BYTES FileVersion:  3.1.7.0        MD5: [9611577752e293259c7dce19e9026362]
mbamservice.exe                          File Size: 1136608   BYTES FileVersion:  3.2.21.0       MD5: [f1a89a34388b5626f1548d393b23ecb1]
mbamsrv.dll                              File Size: 3863008   BYTES FileVersion:  2.1.10.0       MD5: [a33629c51295570fe9f252a39ddcea93]
mbamtoast.dll                            File Size: 98272     BYTES FileVersion:  1.70.0.0       MD5: [b55f6f7b61ae6070a6e023e11fda92ee]
msvcp100.dll                             File Size: 422880    BYTES FileVersion:  10.0.40219.325 MD5: [53a5f1b984f585997968cd0dfb27400c]
msvcr100.dll                             File Size: 775648    BYTES FileVersion:  10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c]
Qt5Core.dll                              File Size: 4646880   BYTES FileVersion:  5.4.1.0        MD5: [91c7c50b2a290b82604163b5a679ea24]
Qt5Gui.dll                               File Size: 4640224   BYTES FileVersion:  5.4.1.0        MD5: [1d59b3e632aef8e24cc1707fd411113b]
Qt5Network.dll                           File Size: 673248    BYTES FileVersion:  5.4.1.0        MD5: [e089635a8cbed229ec30cdbe29748c08]
Qt5Widgets.dll                           File Size: 4474848   BYTES FileVersion:  5.4.1.0        MD5: [33881dda0ccc3898facadf1e4d1df237]
unins000.dat                             File Size: 37895     BYTES FileVersion:  N/A            MD5: [9d7102551daff528cc3549bece4754c9]
unins000.exe                             File Size: 720085    BYTES FileVersion:  51.52.0.0      MD5: [f1505d347325c77e3eeef418495e1f57]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                            File Size: 235882    BYTES FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                              File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.exe                              File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.pif                              File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
firefox.scr                              File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
iexplore.exe                             File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.com                       File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.exe                       File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.pif                       File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-chameleon.scr                       File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
mbam-killer.exe                          File Size: 1504736   BYTES FileVersion:  3.0.15.0       MD5: [b79d3c2fca170c4dd15d7316067a1fd3]
rundll32.exe                             File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
svchost.exe                              File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
windows.exe                              File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
winlogon.exe                             File Size: 960480    BYTES FileVersion:  3.1.29.0       MD5: [f86a4139730504047f52ccfb8c47e9f5]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif.dll                                 File Size: 29664     BYTES FileVersion:  5.4.1.0        MD5: [0b528e4c9bbd9efdea9bc8ac6a967d6d]
qico.dll                                 File Size: 29664     BYTES FileVersion:  5.4.1.0        MD5: [7b36d94db81b8b0dfd9323228dd96b51]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm                               File Size: 87404     BYTES FileVersion:  N/A            MD5: [269d3107ca72a75fe154ce4ff718af50]
lang_bg.qm                               File Size: 133911    BYTES FileVersion:  N/A            MD5: [376ad1e4ad206bc32da09b12b564ecc4]
lang_ca.qm                               File Size: 92634     BYTES FileVersion:  N/A            MD5: [2d35f58b0c2db44ad2717f4a4526a085]
lang_cs.qm                               File Size: 105193    BYTES FileVersion:  N/A            MD5: [2c191de828d5e05fd7afa27ee1245023]
lang_da.qm                               File Size: 88039     BYTES FileVersion:  N/A            MD5: [f8a4941d5d388160d252832a77ab584f]
lang_de.qm                               File Size: 139276    BYTES FileVersion:  N/A            MD5: [b55f37281f0fcadfae67aecf0bf4cca5]
lang_el.qm                               File Size: 126897    BYTES FileVersion:  N/A            MD5: [bd671253e071bac626beea63393abcda]
lang_en.qm                               File Size: 3081      BYTES FileVersion:  N/A            MD5: [e2790b3cd9fdd9d3e266e9623fe477af]
lang_es.qm                               File Size: 138468    BYTES FileVersion:  N/A            MD5: [cc4f3aab63d933d5964e2bba62df4277]
lang_et.qm                               File Size: 107794    BYTES FileVersion:  N/A            MD5: [aa4845cd64b20377cea0ebc66eed4a42]
lang_fi.qm                               File Size: 130793    BYTES FileVersion:  N/A            MD5: [00653d1fb2f790817aef991025c176aa]
lang_fr.qm                               File Size: 141996    BYTES FileVersion:  N/A            MD5: [e06db8ef6b826b75ec5859913651ed44]
lang_he.qm                               File Size: 98928     BYTES FileVersion:  N/A            MD5: [2954e902664f2e129f8a8d8238e90552]
lang_hu.qm                               File Size: 132359    BYTES FileVersion:  N/A            MD5: [6bf3b8c78fd393ef2811a19742518b9a]
lang_id.qm                               File Size: 129135    BYTES FileVersion:  N/A            MD5: [6be058072a90897595c6f097a3caa797]
lang_it.qm                               File Size: 134154    BYTES FileVersion:  N/A            MD5: [183990148beec433023688db65a7bf2e]
lang_ja.qm                               File Size: 73762     BYTES FileVersion:  N/A            MD5: [f6bfd643cb92fa760ae6ec64344ee7e1]
lang_ko.qm                               File Size: 85731     BYTES FileVersion:  N/A            MD5: [53b5a94eb309d69993a5bc3cd43a85e4]
lang_lt.qm                               File Size: 90799     BYTES FileVersion:  N/A            MD5: [eecd8edca1fb068ad3bd88aa711bdae2]
lang_lv.qm                               File Size: 90659     BYTES FileVersion:  N/A            MD5: [683950904e725821740217824df440ff]
lang_nl.qm                               File Size: 133514    BYTES FileVersion:  N/A            MD5: [442a6cf7e07e6f676d8b5ae41637549c]
lang_no.qm                               File Size: 129833    BYTES FileVersion:  N/A            MD5: [8949e21e367e5a32ca9f36d8d22c9771]
lang_pl.qm                               File Size: 133827    BYTES FileVersion:  N/A            MD5: [48379f4ac164adfc8d448bf53c8e2df8]
lang_pt_BR.qm                            File Size: 136918    BYTES FileVersion:  N/A            MD5: [b1ea2002cf5362b24ca0a026f448e3f1]
lang_pt_PT.qm                            File Size: 136982    BYTES FileVersion:  N/A            MD5: [5e23b66cb6d8d9894b991cc8f33658af]
lang_ro.qm                               File Size: 90458     BYTES FileVersion:  N/A            MD5: [bcf524020255c4f7a6fdbae8df2bfe81]
lang_ru.qm                               File Size: 137874    BYTES FileVersion:  N/A            MD5: [5e28394fbd12f21301e2b7e1a9dbac94]
lang_sk.qm                               File Size: 131080    BYTES FileVersion:  N/A            MD5: [68e0e95e7131d101188a57e3a413dee5]
lang_sl.qm                               File Size: 107631    BYTES FileVersion:  N/A            MD5: [83755001a3f1bd527d0b4b7a77d0b37d]
lang_sv.qm                               File Size: 129135    BYTES FileVersion:  N/A            MD5: [b3c38242beb63f895fabcc14bbc6807a]
lang_tr.qm                               File Size: 88838     BYTES FileVersion:  N/A            MD5: [1e4a3c0dcd7074ad4a3971ce67762cda]
lang_vi.qm                               File Size: 133386    BYTES FileVersion:  N/A            MD5: [586de19c023986bf884ad56fc29c8f5e]
lang_zh_TW.qm                            File Size: 87797     BYTES FileVersion:  N/A            MD5: [e120a014cf077bdcbcdcbf98c3438188]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
qwindows.dll                             File Size: 929760    BYTES FileVersion:  5.4.1.0        MD5: [6c54d2ebeaacbe9b56816536041c8281]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                            File Size: 823776    BYTES FileVersion:  1.4.0.1001     MD5: [bbfc25590af3e45d8cca1fab95648b40]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                              File Size: 8263      BYTES FileVersion:  N/A            MD5: [c312abcb0e4fa4d6007dcd1976b49b77]
akadomains.ref                           File Size: 92        BYTES FileVersion:  N/A            MD5: [73d5774cbd8df165274a0691ae264808]
akaips.ref                               File Size: 92        BYTES FileVersion:  N/A            MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c]
domains.ref                              File Size: 665024    BYTES FileVersion:  N/A            MD5: [1a55c088b78e80c333ca8e7cd7b9d369]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                  File Size: 137904    BYTES FileVersion:  N/A            MD5: [6c3fc2a051bf681388457c4b1d17bb2e]
rules.ref                                File Size: 9665359   BYTES FileVersion:  N/A            MD5: [ea1c09839de6f347a325d0c995022595]
swissarmy.ref                            File Size: 28249     BYTES FileVersion:  N/A            MD5: [796931ca33465057e4349a3844809397]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 4597      BYTES FileVersion:  N/A            MD5: [c6dfb378179569c8780bde988db7e54b]
database.conf                            File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 3425      BYTES FileVersion:  N/A            MD5: [feb2427b408a0e7cc3eae65c34f6857a]
manifest.conf                            File Size: 3409      BYTES FileVersion:  N/A            MD5: [2f060fff850b1e75fb71022ee92329d7]
marketing.conf                           File Size: 7318      BYTES FileVersion:  N/A            MD5: [3160ac4f81161044b4ee01c9f0c70f5e]
net.conf                                 File Size: 7337      BYTES FileVersion:  N/A            MD5: [69fe93e6fc15317a1043ca27c9bb65ca]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 2119      BYTES FileVersion:  N/A            MD5: [e0133576b28ffa1f1fe7004e8fb9d5ff]
settings.conf                            File Size: 2086      BYTES FileVersion:  N/A            MD5: [c5df652e3935db306ec795761c345b6a]
statistics.conf                          File Size: 513       BYTES FileVersion:  N/A            MD5: [ba9ecb3372d82d7337d1b352166acd90]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                               File Size: 4179      BYTES FileVersion:  N/A            MD5: [20d9566b3cf94f1e395de8f40046fc68]
database.conf                            File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 23        BYTES FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                            File Size: 3171      BYTES FileVersion:  N/A            MD5: [a6e5576f7723acab40490fb9e64dfc1c]
marketing.conf                           File Size: 6974      BYTES FileVersion:  N/A            MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28]
net.conf                                 File Size: 6530      BYTES FileVersion:  N/A            MD5: [9fb4acfdc11c7af48a760db4c7bfebf0]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                            File Size: 1724      BYTES FileVersion:  N/A            MD5: [e27b42126b89352fdaae8f1630b9a8d8]
statistics.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2016-06-25 (22-19-15).xml       File Size: 2574      BYTES FileVersion:  N/A            MD5: [262c07a20a7290e91ab22028865380a7]
mbam-log-2016-06-26 (08-38-21).xml       File Size: 2576      BYTES FileVersion:  N/A            MD5: [22d8422c9ed0ee02702f038fdb0ed47a]
mbam-log-2016-06-27 (02-13-19).xml       File Size: 2578      BYTES FileVersion:  N/A            MD5: [5d999b7bec8e0909e36dfeb46a974236]
protection-log-2016-06-25.xml            File Size: 6005      BYTES FileVersion:  N/A            MD5: [a33e32e00f7dea22a43ecac4585e7650]
protection-log-2016-06-26.xml            File Size: 14127     BYTES FileVersion:  N/A            MD5: [ef6655996e400aebb6f1cf96fc9288cc]
protection-log-2016-06-27.xml            File Size: 8580      BYTES FileVersion:  N/A            MD5: [b662d68311f1dacbf8ddc9cde46ba4fb]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE
 
 
 
Link to post
Share on other sites

Hello and Welcome to Malwarebytes

I noticed you are logged in as a limited account.  Does this happen as well when you login as and administrator?

Your diagnostic logs need to be run while logged in as an administrator as well.

That being said, your computer could use a good cleanup.  To do that follow the instructions below...

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

It explains the options for free, expert help -->>AND<<-- the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thank you

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.