Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

frequent messages that Symantec is blocking svchost.exe


  • This topic is locked This topic is locked
20 replies to this topic

#1 JenMorg13

JenMorg13

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 27 August 2013 - 09:38 PM

My 3yr old hp laptop recently wouldn't boot (black screen with curser).  I was able to reset system and start in safe mode by removing battery and pressing power button for 30 seconds and starting without battery. (none of the F keys worked to enable safe mode) I ran malewarebytes and it detected 5 items which were sucessfully removed and my symantic AV was again able to be updated.  since then (a week ago) I keep getting these messages, some asking for my permission to block svchost.exe from making a host file change and other times symantec just tells me it has blocked svchost.exe. i ran malwarebytes today once again and it detected 1 file threat which was deleted and i am running it again right now and it is picking up something else ( won't know what until scan is complete) I think I have something deep on my computer...not sure though.  Any guidence would be appreciated.  I would like to learn how to clean up my computer mannualy.

 

I downloaded DDS and attatched is the two scans it created

 

Thanks so much

 

 

ps.  I tried to post the logs in my exsiting thread in "am I infected" but did not see any attach buttom in the reply box.

 

Thanks again

Jennifer

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 28 August 2013 - 01:06 AM


Hello JenMorg13

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 28 August 2013 - 08:36 AM

Hello Gringo,

Thanks for your assistence!  I installed both programs----adw-cleaner and the junkware removal tool- as your instructions and here are the reports:

also, after these cleaners my computer is still blocking and prompting me to block svchost.exe about every 5 mins.

 

Adw-cleaner:

 

# AdwCleaner v3.001 - Report created 28/08/2013 at 09:01:17
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jennifer - JENNIFER-PC
# Running from : C:\Users\Jennifer\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Users\Jennifer\AppData\Local\Conduit
Folder Deleted : C:\Users\Jennifer\AppData\Local\cre
Folder Deleted : C:\Users\Jennifer\AppData\Local\Wondershare
Folder Deleted : C:\Users\Jennifer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jennifer\AppData\LocalLow\PriceGong
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\0qv6yf05.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2108 octets] - [28/08/2013 08:46:16]
AdwCleaner[S0].txt - [2083 octets] - [28/08/2013 09:01:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2143 octets] ##########

 

JUNKWARE REMOVAL TOOL:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jennifer on Wed 08/28/2013 at  9:16:20.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3225826
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ABC8BBD4-FAB1-4334-8D88-66B7F63A2123}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\0qv6yf05.default\minidumps [184 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/28/2013 at  9:25:58.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Thanks so much

Jennifer


Edited by JenMorg13, 28 August 2013 - 09:14 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 28 August 2013 - 12:24 PM


Hello JenMorg13

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 28 August 2013 - 05:54 PM

Gringo,

 

I followed your instructions and Here is the combofix log.. (alas, I am still getting the svchost blocks and blocking prompts)

 

COMBOFIX Log

 

ComboFix 13-08-28.02 - Jennifer 08/28/2013  18:20:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3003.1743 [GMT -4:00]
Running from: c:\users\Jennifer\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\kernel32.dll was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_fcd1e4cbba5cfc7b\kernel32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-28  )))))))))))))))))))))))))))))))
.
.
2013-08-28 22:28 . 2013-08-28 22:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-28 13:16 . 2013-08-28 13:16    --------    d-----w-    c:\windows\ERUNT
2013-08-28 12:45 . 2013-08-28 13:01    --------    d-----w-    C:\AdwCleaner
2013-08-27 18:21 . 2013-08-27 18:21    --------    d-----w-    c:\users\Jennifer\AppData\Roaming\Template
2013-08-27 17:50 . 2013-08-27 17:51    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-08-27 14:08 . 2013-08-27 14:08    --------    d-----w-    c:\users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2013-08-27 14:08 . 2013-08-27 14:08    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-08-27 14:08 . 2013-08-27 14:08    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-08-20 03:13 . 2013-08-20 03:13    --------    d-----w-    c:\users\Jennifer\AppData\Roaming\HP Support Assistant
2013-08-20 02:48 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-20 02:48 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-20 02:48 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-20 02:48 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-20 02:48 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-20 02:48 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-20 02:48 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-20 02:48 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-20 02:47 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-20 02:47 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-20 02:46 . 2013-07-25 09:25    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-20 02:46 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-08-20 02:46 . 2013-07-09 05:51    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-20 02:46 . 2013-07-09 04:52    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-08-20 02:46 . 2013-06-15 04:32    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-20 02:46 . 2013-07-06 06:03    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-30 14:41 . 2013-08-20 03:54    --------    d-----w-    c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 16:47 . 2012-08-26 01:47    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 16:47 . 2012-08-26 01:47    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 03:51 . 2012-10-05 12:25    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-06-05 03:34 . 2013-07-11 00:42    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 00:43    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 00:43    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130822.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130822.011\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130827.001\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130827.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 16:47]
.
2013-08-27 c:\windows\Tasks\HPCeeScheduleForJennifer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 365592]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\0qv6yf05.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-HP Software Update - c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Wow6432Node-HKLM-Run-PMBVolumeWatcher - c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll
SafeBoot-77612111.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-08-28  18:35:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-28 22:35
.
Pre-Run: 212,516,659,200 bytes free
Post-Run: 215,779,737,600 bytes free
.
- - End Of File - - 2149599FA9BF9A7824AE892904227D36
5867BE28F633277963455E40FCB3B05F

 

 

Thanks so much,

Jennifer



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 28 August 2013 - 08:25 PM


Hello Jennifer

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 28 August 2013 - 10:01 PM

Gringo,

I followed your instructions and here are the logs you requested. (Rouge killer produced 2 logs as you said, but neither was titled with the number two. If I have posted the wrong one, please let me know. Also, TDsSkiller's log, as you mentioned, was indeed to long for this interface's pasting tool, so I only atatched the portion you requested (after "scan finished")

 

TDSSKiller log:

 

10:09:15.0754 0x12a0  Detected object count: 0
10:09:15.0754 0x12a0  Actual detected object count: 0
10:09:20.0590 0x0c5c  Deinitialize success

 

Rouge Killer

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jennifer [Admin rights]
Mode : Scan -- Date : 08/28/2013 22:21:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX ATA Device +++++
--- User ---
[MBR] d26b8e27cd90e7bcae85375d00281110
[BSP] 2ae5bdc354d2c564e6c6f46025c9305b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292365 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599173120 | Size: 12679 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08282013_222143.txt >>

 

 

My AV is still give me prompts to block svchost.exe.

How does my logs look

Rouge killer found 4 items in my registry and the only option it gave me was to delete. I was a tiny bit nervous:)

 

Thanks for your assistence,

Jennifer


Edited by JenMorg13, 28 August 2013 - 10:11 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 28 August 2013 - 10:39 PM


Please read these steps thoroughly before proceeding.


download Malwarebytes Anti-Rootkit (MBAR) from here http://downloads.malwarebytes.org/file/mbar and save it to your desktop.

•Be sure to print out and follow the instructions provided on that same page.

•Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

•Doubleclick on the MBAR file you downloaded.
•Approve the UAC prompt in Vista and newer operating systems.
•Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mbar.
•By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
•After reading the Introduction, click 'Next' if you agree.
•On the Update Database screen, click on the 'Update' button.
•Once you see 'Success: Database was successfully updated' click on 'Next'.
•Click the 'Scan' button.

A.With some infections, you may see two messages boxes.
1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

----------------
Please monitor the scan. If during the scan you see a message that says this:
"could not be remediated because backup file is not available"

Do NOT click Cleanup when it becomes available, but rather click Exit, and provide the same logs as requested below.
-----------------



•If malware is found, click the 'Cleanup' button with the above mentioned exception.

Once the system restore point is created and the cleanup is scheduled, a 'Reboot required' message will appear.
Click 'Yes' and allow the computer to reboot.

Once back in Windows, run mbar.exe once again to ensure all previously detected items have been removed, and no additional threats found.

Please send all logs which were generated.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 29 August 2013 - 03:17 PM

Gringo,

I ran malwarebytes antirootkit beta and it did not find anything.  I am not sure how to read all the other logs correctly, however, I am starting to wonder if the svchost.exe is a sonar false positive from my anti-virus? Here is the Log from Malewarebytes antirootkit

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.08.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jennifer :: JENNIFER-PC [administrator]

8/29/2013 3:41:29 PM
mbar-log-2013-08-29 (15-41-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 246229
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 29 August 2013 - 09:30 PM

Hello

4 of the tools we have run should have seen it if it was caused by a virus.

I want you to try and uninstall and reinstall The antivirus and see if it still picks it up


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 31 August 2013 - 01:26 AM

Gringo,

Hello again!  I uninstalled SEP and reinstalled the newest version 12.1 RU3.  However I ran into a problem...SEP will not let me update and it says my virus and spyware definitions are out of date. I ran symantec help and the only problem it notices is that my windows autorun feature is not disabled.  It sends me to some pages on how to change some registry keys to disable autorun..but it is way out of my league and I am not sure what this means?

Any advice would be appreciated.

Thank you,

Jennifer



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 31 August 2013 - 12:21 PM

Hello



Please download this tool to your desktop and run it so we can check some Malwarebytes and Windows settings.
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/_check

Once it completes, it will open a log in Notepad and save a copy to your desktop named CheckResults.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 31 August 2013 - 03:45 PM

Gringo,

 For some reason this post isn't letting me choose the paste option ( I am not sure why)  so I had to attach the log...sorry about that

Thanks for your help

Jennifer

Attached Files



#14 JenMorg13

JenMorg13
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 31 August 2013 - 03:50 PM

Gringo,

okay,  I got it to paste...disregard last post.

 

here is the system check log

 

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ        1.75.0.1300

Date Log Created: 08/31/13
Time Log Created: 16:38:45

User Account type: Administrator

64 bit Operating System

Product Name: REG_SZ        Windows 7 Home Premium

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        *.local

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

TERMService:
==============
Type             : 32
State             : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE        : 1077
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Users\Jennifer\AppData\Local\Temp\IXP000.TMP\Bootstrap.exeREG_SZ        VISTARTM




Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================



MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:
==========================

MBAMProtector:
==============
Type             : 2
State             : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE        : 0
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


MBAMService:
==============
Type             : 16
State             : 4 (The service is running.)
WIN32_EXIT_CODE        : 0
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


MBAMScheduler:
==============
Type             : 16
State             : 4 (The service is running.)
WIN32_EXIT_CODE        : 0
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


        <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\mbam.sys
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

    WOW64                         REG_DWORD        1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
    0                             REG_SZ        Root\LEGACY_MBAMPROTECTOR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1
MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
    DependOnService               REG_MULTI_SZ    MBAMProtector

    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware service
    DelayedAutostart              REG_DWORD        0
MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware scheduler

MBAM DLL's and Runtime Files:
=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
    (Default):                    REG_SZ        vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
    (Default):                    REG_SZ        {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
    (Default):                    REG_SZ        {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
    (Default):                    REG_SZ        {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
    (Default):                    REG_SZ        {71A2702F-C7D8-11D2-BEF8-525400DFB47A}




HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default):                    REG_SZ        1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default):                    REG_SZ        1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default):                    REG_SZ        1.0


HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
    (Default):                    REG_SZ        vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
    (Default):                    REG_SZ        2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
    (Default):                    REG_SZ        vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
    (Default):                    REG_SZ        2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
    (Default):                    REG_SZ        vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
    (Default):                    REG_SZ        vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
    (Default):                    REG_SZ        __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
    (Default):                    REG_SZ        {DE8CE233-DD83-481D-844C-C07B96589D3A}
    Version                       REG_SZ        1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
    (Default):                    REG_SZ        vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
    (Default):                    REG_SZ        {DE8CE233-DD83-481D-844C-C07B96589D3A}
    Version                       REG_SZ        1.1
MBAM Registry Settings and License Info:
========================================


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
    advancedheuristics            REG_DWORD        1
    downloadprogram               REG_DWORD        1
    hidereg                       REG_DWORD        0
    detectp2p                     REG_DWORD        0
    detectpum                     REG_DWORD        1
    detectpup                     REG_DWORD        2
    updatewarn                    REG_DWORD        1
    updatewarndays                REG_DWORD        7
    useproxy                      REG_DWORD        0
    useauthentication             REG_DWORD        0
    contextmenu                   REG_DWORD        1
    reportthreats                 REG_DWORD        1
    startwithwindows              REG_DWORD        1
    startfsdisabled               REG_DWORD        0
    startipdisabled               REG_DWORD        0
    silentipmode                  REG_DWORD        0
    autoquarantine                REG_DWORD        1
    notifyinstallprogram          REG_DWORD        1
    trialpromptshown              REG_DWORD        1
    autoquarantinenotify          REG_DWORD        1
    InstallPath                   REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
    dbdate                        REG_SZ        Wed, 28 Aug 2013 13:47:55 GMT
    dbversion                     REG_SZ        v2013.08.28.04
    programversion                REG_SZ        1.75.0.1300
    programbuild                  REG_SZ        consumer
    trialended                    REG_DWORD        0
    SchedulerQueue                REG_MULTI_SZ    6148, 30287988, 1359579552, 1, 23 | 30320260, 1459875289

    alwaysscanarchives            REG_DWORD        1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)
    TrialId                           There is data here but it is hidden.
    StartDate                     REG_SZ        Mon, 25 Mar 2013 01:39:11 UTC
    EndDate                       REG_SZ        Mon, 08 Apr 2013 01:39:11 UTC
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles               REG_DWORD        1
    alwaysscanheuristics          REG_DWORD        1
    alwaysscanmemory              REG_DWORD        1
    alwaysscanregistry            REG_DWORD        1
    alwaysscanstartups            REG_DWORD        1
    autosavelog                   REG_DWORD        1
    openlog                       REG_DWORD        1
    defaultscan                   REG_DWORD        1
    terminateie                   REG_DWORD        1
    Language                      REG_SZ        English.lng
    selectedrives                 REG_SZ        C:\|D:\|E:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles               REG_DWORD        1
    alwaysscanheuristics          REG_DWORD        1
    alwaysscanmemory              REG_DWORD        1
    alwaysscanregistry            REG_DWORD        1
    alwaysscanstartups            REG_DWORD        1
    autosavelog                   REG_DWORD        1
    openlog                       REG_DWORD        1
    defaultscan                   REG_DWORD        0
    terminateie                   REG_DWORD        0
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles               REG_DWORD        1
    alwaysscanheuristics          REG_DWORD        1
    alwaysscanmemory              REG_DWORD        1
    alwaysscanregistry            REG_DWORD        1
    alwaysscanstartups            REG_DWORD        1
    autosavelog                   REG_DWORD        1
    openlog                       REG_DWORD        1
    defaultscan                   REG_DWORD        0
    terminateie                   REG_DWORD        0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
    Inno Setup: Setup Version     REG_SZ        5.5.3-dev (a)
    Inno Setup: App Path          REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
    InstallLocation               REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\
    Inno Setup: Icon Group        REG_SZ        Malwarebytes' Anti-Malware
    Inno Setup: User              REG_SZ        Jennifer
    Inno Setup: Selected Tasks    REG_SZ        desktopicon
    Inno Setup: Deselected Tasks  REG_SZ        quicklaunchicon
    Inno Setup: Language          REG_SZ        English
    DisplayName                   REG_SZ        Malwarebytes Anti-Malware version 1.75.0.1300
    DisplayIcon                   REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    UninstallString               REG_SZ        "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    QuietUninstallString          REG_SZ        "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
    DisplayVersion                REG_SZ        1.75.0.1300
    Publisher                     REG_SZ        Malwarebytes Corporation
    URLInfoAbout                  REG_SZ        http://www.malwarebytes.org
    NoModify                      REG_DWORD        1
    NoRepair                      REG_DWORD        1
    InstallDate                   REG_SZ        20130428
    MajorVersion                  REG_DWORD        1
    MinorVersion                  REG_DWORD        75
    EstimatedSize                 REG_DWORD        19743
Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:
================

Scheduled Item: Update     Schedule Options:    | Daily    | Random    
Start Time: 2013-03-24 09:45     Repeating Every: 1     Recover if missed by: 23



Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware


MBAM Drivers:
=============

C:\Windows\system32\drivers\mbam.sys    File Size: 25928     BYTES    FileVersion: 1.60.2.0


Required Dependencies:
======================

BFE:
==============
Type             : 32
State             : 4 (The service is running.)
WIN32_EXIT_CODE        : 0
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ErrorControl                  REG_DWORD        1
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    DependOnService               REG_MULTI_SZ    RpcSs

    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain

fltmgr:
==============
Type             : 2
State             : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE        : 0
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl                  REG_DWORD        3
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1
C:\Windows\system32\drivers\fltmgr.sys    File Size: 289664    BYTES    FileVersion: 6.1.7601.17514
C:\Windows\SysWOW64\mscomctl.ocx    File Size: 1070152   BYTES    FileVersion: 6.1.98.34
C:\Windows\SysWOW64\olepro32.dll    File Size: 90112     BYTES    FileVersion: 6.1.7601.17514


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware
7z.dll                            File Size:    914432 BYTES    FileVersion: 9.20.0.0
changes.txt                       File Size:       200 BYTES
license.rtf                       File Size:     17916 BYTES
mbam.chm                          File Size:    474148 BYTES
mbam.dll                          File Size:    527944 BYTES    FileVersion: 1.70.0.0
mbam.exe                          File Size:    887432 BYTES    FileVersion: 1.75.0.1
mbamcore.dll                      File Size:   1127496 BYTES    FileVersion: 1.70.0.0
mbamext.dll                       File Size:     93544 BYTES    FileVersion: 1.70.0.0
mbamgui.exe                       File Size:    532040 BYTES    FileVersion: 1.70.0.0
mbamnet.dll                       File Size:   2191944 BYTES    FileVersion: 1.70.0.0
mbampt.exe                        File Size:     40008 BYTES    FileVersion: 1.70.0.0
mbamscheduler.exe                 File Size:    418376 BYTES    FileVersion: 1.70.0.0
mbamservice.exe                   File Size:    701512 BYTES    FileVersion: 1.70.0.0
ssubtmr6.dll                      File Size:     46416 BYTES    FileVersion: 1.1.0.3
unins000.dat                      File Size:     29909 BYTES
unins000.exe                      File Size:    712264 BYTES    FileVersion: 51.52.0.0
unins000.msg                      File Size:     11277 BYTES
vbalsgrid6.ocx                    File Size:    496976 BYTES    FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                     File Size:    186068 BYTES
firefox.com                       File Size:    218184 BYTES
firefox.exe                       File Size:    218184 BYTES
firefox.pif                       File Size:    218184 BYTES
firefox.scr                       File Size:    218184 BYTES
iexplore.exe                      File Size:    218184 BYTES
mbam-chameleon.com                File Size:    218184 BYTES
mbam-chameleon.exe                File Size:    218184 BYTES
mbam-chameleon.pif                File Size:    218184 BYTES
mbam-chameleon.scr                File Size:    218184 BYTES
mbam-killer.exe                   File Size:    896072 BYTES
rundll32.exe                      File Size:    218184 BYTES
svchost.exe                       File Size:    218184 BYTES
winlogon.exe                      File Size:    218184 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng                        File Size:     21894 BYTES
belarusian.lng                    File Size:     26884 BYTES
bosnian.lng                       File Size:     27108 BYTES
bulgarian.lng                     File Size:     27574 BYTES
catalan.lng                       File Size:     28252 BYTES
chineseSI.lng                     File Size:     11024 BYTES
chineseTR.lng                     File Size:     11952 BYTES
croatian.lng                      File Size:     26670 BYTES
czech.lng                         File Size:     24874 BYTES
danish.lng                        File Size:     26582 BYTES
dutch.lng                         File Size:     28342 BYTES
english.lng                       File Size:     24542 BYTES
estonian.lng                      File Size:     25146 BYTES
finnish.lng                       File Size:     25950 BYTES
french.lng                        File Size:     29830 BYTES
german.lng                        File Size:     29894 BYTES
greek.lng                         File Size:     29300 BYTES
hebrew.lng                        File Size:     19362 BYTES
hungarian.lng                     File Size:     28666 BYTES
indonesian.lng                    File Size:     26854 BYTES
italian.lng                       File Size:     28194 BYTES
japanese.lng                      File Size:     16266 BYTES
korean.lng                        File Size:     14188 BYTES
latvian.lng                       File Size:     27100 BYTES
lithuanian.lng                    File Size:     27838 BYTES
macedonian.lng                    File Size:     28864 BYTES
norwegian.lng                     File Size:     25116 BYTES
polish.lng                        File Size:     26644 BYTES
portugueseBR.lng                  File Size:     28654 BYTES
portuguesePT.lng                  File Size:     29062 BYTES
romanian.lng                      File Size:     28290 BYTES
russian.lng                       File Size:     27302 BYTES
serbian.lng                       File Size:     26804 BYTES
slovak.lng                        File Size:     25644 BYTES
slovenian.lng                     File Size:     24852 BYTES
spanish.lng                       File Size:     30060 BYTES
swedish.lng                       File Size:     25992 BYTES
thai.lng                          File Size:     26092 BYTES
turkish.lng                       File Size:     25876 BYTES
vietnamese.lng                    File Size:     29528 BYTES

C:\Users\Jennifer\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Jennifer\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
mbam-log-2013-03-24 (21-50-10).txt    File Size:      1982 BYTES
mbam-log-2013-04-02 (21-59-03).txt    File Size:      1980 BYTES
mbam-log-2013-08-19 (23-32-25).txt    File Size:      3644 BYTES
mbam-log-2013-08-20 (01-29-47).txt    File Size:      1922 BYTES
mbam-log-2013-08-20 (07-35-03).txt    File Size:      2034 BYTES
mbam-log-2013-08-23 (12-39-21).txt    File Size:      1884 BYTES
mbam-log-2013-08-27 (00-27-58).txt    File Size:      1980 BYTES
mbam-log-2013-08-27 (00-28-32).txt    File Size:      1982 BYTES
mbam-log-2013-08-27 (08-38-20).txt    File Size:      1906 BYTES
mbam-log-2013-08-27 (11-41-56).txt    File Size:      2196 BYTES
mbam-log-2013-08-27 (21-41-49).txt    File Size:      2238 BYTES
mbam-log-2013-08-28 (09-53-04).txt    File Size:      1916 BYTES

C:\Users\Jennifer\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
0848349833.data                   File Size:       741 BYTES
0848349833.quar                   File Size:    276856 BYTES
0981950054.data                   File Size:       741 BYTES
0981950054.quar                   File Size:    301280 BYTES
1230210890.data                   File Size:       778 BYTES
1230210890.quar                   File Size:   2180024 BYTES
2311811583.data                   File Size:       741 BYTES
2311811583.quar                   File Size:    276856 BYTES
5429340197.data                   File Size:       741 BYTES
5429340197.quar                   File Size:    301472 BYTES
6605977890.data                   File Size:       741 BYTES
6605977890.quar                   File Size:    301472 BYTES
9434240753.data                   File Size:       808 BYTES
9434240753.quar                   File Size:   2049458 BYTES
9497557015.data                   File Size:       741 BYTES
9497557015.quar                   File Size:    301472 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
mbam-setup.exe                    File Size:  10285040 BYTES    FileVersion: 1.75.0.1300
rules.ref                         File Size:   6730702 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf                        File Size:       140 BYTES
config.conf                       File Size:      4076 BYTES
custom.conf                       File Size:        20 BYTES
database.conf                     File Size:       432 BYTES
html.conf                         File Size:      2904 BYTES
local.conf                        File Size:      1104 BYTES
manifest.conf                     File Size:      1752 BYTES
messaging.conf                    File Size:      1430 BYTES
news.conf                         File Size:       272 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
protection-log-2013-03-24.txt     File Size:      6934 BYTES
protection-log-2013-03-25.txt     File Size:      2190 BYTES
protection-log-2013-03-26.txt     File Size:       668 BYTES
protection-log-2013-03-27.txt     File Size:      2866 BYTES
protection-log-2013-03-28.txt     File Size:      3038 BYTES
protection-log-2013-03-29.txt     File Size:     10686 BYTES
protection-log-2013-03-30.txt     File Size:      2846 BYTES
protection-log-2013-03-31.txt     File Size:      1506 BYTES
protection-log-2013-04-02.txt     File Size:      2194 BYTES
protection-log-2013-04-04.txt     File Size:      4162 BYTES
protection-log-2013-04-05.txt     File Size:     29414 BYTES
protection-log-2013-04-06.txt     File Size:      6366 BYTES
protection-log-2013-04-07.txt     File Size:      1508 BYTES
protection-log-2013-04-28.txt     File Size:       150 BYTES
protection-log-2013-07-05.txt     File Size:       340 BYTES
protection-log-2013-08-19.txt     File Size:       340 BYTES
protection-log-2013-08-23.txt     File Size:       340 BYTES
protection-log-2013-08-27.txt     File Size:       340 BYTES
protection-log-2013-08-28.txt     File Size:       340 BYTES
protection-log-2013-08-31.txt     File Size:       150 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================
END OF FILE

 

 

Thanks very much,

Jennifer



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 31 August 2013 - 09:29 PM

Hello Jennifer


What I was checking on looks good.

When you uninstalled SEP did you run the removal tool?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users