
Fake software not up to date pop


17 replies to this topic

#1 bex1990


Posted 21 June 2014 - 05:47 AM

Hi,

For about 2-3 months I've had this pop-up that comes up several times a day in the bottom right corner of my laptop screen. It tells about various programs needing updating. It's fake; I know this as I have a proper, different pop-up for the programs that it says need updating. I clicked on it once just to see what it would do and, as I expected, it tried to put a virus on my PC; however, Avast blocked it. I have tried SUPERAntiSpyware and Malwarebytes Anti-Malware as well as Avast to remove it. None were successful.

Can anyone help me? I have attached a screenshot of what it looks like.

Thanks,

Rebecca



Edited by hamluis, 21 June 2014 - 11:53 AM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 caperjac


Posted 21 June 2014 - 07:55 AM

First thing I would do is look in [Add/Remove] Programs and look for a Google updater and remove them/it.

You could also try Windows Autoruns to check in login/run for it.

http://technet.microsoft.com/en-ca/sysinternals/bb963902.aspx


Edited by caperjac, 21 June 2014 - 08:00 AM.

My answers are my opinion only,usually


#3 bex1990


Posted 21 June 2014 - 08:29 AM

OK, I'll have a look, thanks. If anyone else has other ideas too, please let me know.



#4 bex1990


Posted 21 June 2014 - 09:45 AM

I have no Google updater programs installed, so not that...



#5 dc3


Posted 21 June 2014 - 10:26 AM

Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log, double-click on mbam-check.exe on your desktop. When the log opens, scroll down toward the bottom of the log to Quarantined Items. Copy and paste this in your next post.


Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

 
Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 bex1990


Posted 21 June 2014 - 11:23 AM

mbam-check result log version:     2.1.0.0002
========================================
 
User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 32 bit Operating System
Current Build Number:              7601
Current Version Number:            6.1
Current CSDVersion:                Service Pack 1
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/06/19
Malware Database:                  2014.06.20.08
Rootkit Database:                  2014.06.19.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/06/21 17:21:54
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exeREG_SZ ELEVATECREATEPROCESS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files\House of Tales\The Moment of Silence\moslaunch.exeREG_SZ # WIN2000 RUNASADMIN
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
DBRMTray                      REG_SZ C:\Dell\DBRM\Reminder\TrayApp.exe
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 23256     BYTES FileVersion: 0.1.13.0 MD5: [8683c1b450f4b3872839308d836e0f92]
C:\Windows\system32\drivers\mwac.sys
File Size: 51928     BYTES FileVersion: 1.0.1.0 MD5: [bd27d97297934fd4217a37fd28a7abc7]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 110296    BYTES FileVersion: 0.1.7.0 MD5: [12e71da845d76665b56753ad149e32b3]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 74456     BYTES FileVersion: 1.0.4.0 MD5: [1aa835e8a0b8edf3d676b4ed4bf5ef07]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 198208    BYTES FileVersion: 6.1.7600.16385 MD5: [7520ec808e0c35e0ee6f841294316653]
C:\Windows\system32\comctl32.ocx
File Size: 608448    BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\Windows\system32\mscomctl.ocx
File Size: 1066176   BYTES FileVersion: 6.0.88.62 MD5: [714cf24fc19a20ae0dc701b48ded2cf6]
C:\Windows\system32\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    SelfProtection:                                            false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       12000 
ScanHistory: 
    Duration_Complete:                                         69000 
    Duration_Driver:                                           33000 
    Duration_Filesystem:                                       1000 
    Duration_Heuristics:                                       261000 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          10000 
    Duration_Registry:                                         16000 
    Duration_Sector:                                           0 
    Duration_SectorMemory:                                     1000 
    Duration_Startup:                                          70000 
    ItemCount_Complete:                                        186383 
    ItemCount_Driver:                                          342 
    ItemCount_Filesystem:                                      35890 
    ItemCount_Heuristics:                                      7104 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                2 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        610 
    ItemCount_Sector:                                          0 
    ItemCount_SectorMemory:                                    201 
    ItemCount_Startup:                                         5607 
    LastScanDateEpoch:                                         1399624077467 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2014-06-20T17:20:49 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    1 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    8bd5bad3-ec07-4bcd-8115-856e60c5a9bc:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        73166c15-4e55-41c7-adff-0df693f80465:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                       Sat, 21 Jun 2014 09:30:23.655156 +0100 
          lasttriggered:                                       Fri, 09 May 2014 09:22:58.655156 +0100 
          nextscheduled:                                       Sun, 22 Jun 2014 09:30:23.655156 +0100 
          recovery:                                            23:00:00 
          start:                                               Sat, 26 Apr 2014 03:59:32 +0100 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                73166c15-4e55-41c7-adff-0df693f80465 
      type:                                                    scan 
      uuid:                                                    8bd5bad3-ec07-4bcd-8115-856e60c5a9bc 
    92825eff-8304-4830-b9c9-3c4a939810c6:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        a6872528-00b9-4024-a624-3a19f8c9cf56:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Sat, 21 Jun 2014 16:48:23.689010 +0100 
          lasttriggered:                                       Sat, 10 May 2014 02:00:02.689010 +0100 
          nextscheduled:                                       Sat, 21 Jun 2014 17:48:23.689010 +0100 
          recovery:                                            00:00:00 
          start:                                               Fri, 25 Apr 2014 11:15:34.456154 +0100 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                a6872528-00b9-4024-a624-3a19f8c9cf56 
      type:                                                    update 
      uuid:                                                    92825eff-8304-4830-b9c9-3c4a939810c6 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\c:\Config.Msi\4e15790.rbf
 
 
 
MBAMProtector Registry Values:
==============================
 
 
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ *.local
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here 
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files\Malwarebytes Anti-Malware\
 
C:\Program Files\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files\Malwarebytes Anti-Malware\\Chameleon\Windows
 
C:\Program Files\Malwarebytes Anti-Malware\\imageformats
qgif4.dll                               File Size: 32568     BYTES FileVersion:  4.8.4.0        MD5: [e59f533c26c8375cd120b4791482217e]
 
C:\Program Files\Malwarebytes Anti-Malware\\Languages
lang_bg.qm                               File Size: 144048    BYTES FileVersion:  N/A            MD5: [9ccb79999432d56b9843a3e2b2c90325]
lang_bs.qm                               File Size: 145523    BYTES FileVersion:  N/A            MD5: [6ab7a6274d4f9f7553c944f5c66201ba]
lang_ca.qm                               File Size: 132254    BYTES FileVersion:  N/A            MD5: [68a83ec63b6e7bc5dbdd412bcc49c6ce]
lang_cs.qm                               File Size: 141243    BYTES FileVersion:  N/A            MD5: [6b8acee7f461fa69b83d2c45c3725427]
lang_da.qm                               File Size: 130101    BYTES FileVersion:  N/A            MD5: [8539796784746218b229419e99ab308d]
lang_de.qm                               File Size: 149462    BYTES FileVersion:  N/A            MD5: [fcd3bc376ad219396e8c7d3c87cd8864]
lang_el.qm                               File Size: 149912    BYTES FileVersion:  N/A            MD5: [74f13f95f63fe96c08e571598df052d6]
lang_en.qm                               File Size: 115961    BYTES FileVersion:  N/A            MD5: [8c9da1c0ce06b89f8d323bf948bfba4e]
lang_es.qm                               File Size: 130487    BYTES FileVersion:  N/A            MD5: [33e1c6d40b841cc2e783ec8d8102e66f]
lang_et.qm                               File Size: 138126    BYTES FileVersion:  N/A            MD5: [aa215b5f37a72a69854c9163ac543b51]
lang_fi.qm                               File Size: 144256    BYTES FileVersion:  N/A            MD5: [18912c339939c3a6629004ec900f4fe4]
lang_fr.qm                               File Size: 149253    BYTES FileVersion:  N/A            MD5: [ec2bf2f431c4273f151b8c8a7b84c387]
lang_he.qm                               File Size: 116101    BYTES FileVersion:  N/A            MD5: [9e692744e77051c6ce14df32f9b71920]
lang_hr.qm                               File Size: 139841    BYTES FileVersion:  N/A            MD5: [3e3737fe86eb595c5f6817eebf731aa7]
lang_hu.qm                               File Size: 145621    BYTES FileVersion:  N/A            MD5: [52d3d7fcf8c8db071ef0573a1357c2fd]
lang_id.qm                               File Size: 143102    BYTES FileVersion:  N/A            MD5: [80473d2c73d2f54f2b23c9316f2d0ceb]
lang_it.qm                               File Size: 146851    BYTES FileVersion:  N/A            MD5: [7e7aea7d0b433d7e912ed9f0887684a7]
lang_ja.qm                               File Size: 121282    BYTES FileVersion:  N/A            MD5: [19ac79b7a5e05d665e417c2dd75afc94]
lang_ko.qm                               File Size: 118033    BYTES FileVersion:  N/A            MD5: [de213178c14490bf452ea45278d3442d]
lang_nl.qm                               File Size: 146325    BYTES FileVersion:  N/A            MD5: [5aec6f6bdc5e6c28744e6ef374709eeb]
lang_no.qm                               File Size: 142918    BYTES FileVersion:  N/A            MD5: [4388c08217618af2e24173af6f5d3f97]
lang_pl.qm                               File Size: 145434    BYTES FileVersion:  N/A            MD5: [699700c889447d1f9b607c04f07fff67]
lang_pt_BR.qm                           File Size: 131739    BYTES FileVersion:  N/A            MD5: [a3430222223d59da8ec6ea1edae5ee2f]
lang_pt_PT.qm                           File Size: 149128    BYTES FileVersion:  N/A            MD5: [afdf1907af4c95f9af510d5fc1bb9067]
lang_ro.qm                               File Size: 121166    BYTES FileVersion:  N/A            MD5: [1672a2b3a9807a1497fe43824c0026c0]
lang_ru.qm                               File Size: 122186    BYTES FileVersion:  N/A            MD5: [d4dd1eea2b0f52aba2fca4d159c387f7]
lang_sk.qm                               File Size: 119827    BYTES FileVersion:  N/A            MD5: [8b200d162e8028843e41aa1a927cfd84]
lang_sl.qm                               File Size: 143191    BYTES FileVersion:  N/A            MD5: [1760a6aa6990b2f0c4c71ec04b25ac9c]
lang_sr.qm                               File Size: 143261    BYTES FileVersion:  N/A            MD5: [377d15c0da0249f4a7a58978b6307d81]
lang_sv.qm                               File Size: 142525    BYTES FileVersion:  N/A            MD5: [2587ead21967296fefdd0ee0684fe8b4]
lang_tr.qm                               File Size: 142194    BYTES FileVersion:  N/A            MD5: [880fcbe97ec6f13ec094f7371b5b295f]
lang_vi.qm                               File Size: 126874    BYTES FileVersion:  N/A            MD5: [c61281786b5bfec68afc742a19f6abd9]
lang_zh_tr.qm                           File Size: 110870    BYTES FileVersion:  N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]
 
C:\Program Files\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                           File Size: 821560    BYTES FileVersion:  1.1.0.1010     MD5: [3a4dcd021d9f3a5305a22e5e309da305]
 
C:\Users\Bex\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                             File Size: 314       BYTES FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
cleanup.dll                             File Size: 1675064   BYTES FileVersion:  0.6.7.0        MD5: [5c7e53d7eabd1618afc1bd156a6fd064]
domains.ref                             File Size: 38        BYTES FileVersion:  N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                 File Size: 33        BYTES FileVersion:  N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
rules.ref                               File Size: 8557881   BYTES FileVersion:  N/A            MD5: [bd2229468f1524379806b0a64faf2f74]
swissarmy.ref                           File Size: 21463     BYTES FileVersion:  N/A            MD5: [c5ed764ef0a6ad34b0be70ddc0b20211]
wajam_validate.exe-k.mbam               File Size: 11264     BYTES FileVersion:  N/A            MD5: [46f5c497f96e733176b010ff0ee56de3]
wajam_validate.exe-r.mbam               File Size: 11264     BYTES FileVersion:  N/A            MD5: [46f5c497f96e733176b010ff0ee56de3]
wajam_validate.exe-u.mbam               File Size: 11264     BYTES FileVersion:  N/A            MD5: [46f5c497f96e733176b010ff0ee56de3]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 4485      BYTES FileVersion:  N/A            MD5: [118c2e1ffc78eb8fe8ceb8649ed9f3de]
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 259       BYTES FileVersion:  N/A            MD5: [8561b4e1b5eb0c5b0a80c13103d701ee]
manifest.conf                           File Size: 2126      BYTES FileVersion:  N/A            MD5: [792bf524bfdfd19045f15e8fdb2e0437]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 6098      BYTES FileVersion:  N/A            MD5: [b6929c2960df91759e195e18e416f84f]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 2282      BYTES FileVersion:  N/A            MD5: [e568e9dd27030e24ad63d5f81a4e5266]
settings.conf                           File Size: 2084      BYTES FileVersion:  N/A            MD5: [b11e022d0db3b88930a2b9d7947b8720]
statistics.conf                         File Size: 597       BYTES FileVersion:  N/A            MD5: [aa07619333eae2d8278328730bb02fdb]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-04-25 (10-34-01).xml       File Size: 19182     BYTES FileVersion:  N/A            MD5: [f72167e8f7e58020be86638967b6370d]
mbam-log-2014-04-25 (10-49-31).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [4d05e193327a4dc37d1b1f568a43179a]
mbam-log-2014-04-26 (10-51-30).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [2f39bc61a52fdd2f1fde2ac86c81773a]
mbam-log-2014-04-26 (15-01-23).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [3808996eb2e6cb37cb66b60751b38ad0]
mbam-log-2014-04-27 (12-06-17).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [4a133cca6093761dfdcd91ff4dd4bfcf]
mbam-log-2014-04-28 (12-16-13).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [ed1582e4dc0d48b3b24e54bfd826cf85]
mbam-log-2014-04-29 (12-14-35).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [030a5bbd4a202f7bd8079f0ceec9ee36]
mbam-log-2014-04-30 (12-05-33).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [d23abd48e2bb43aae45d746058e92fb2]
mbam-log-2014-05-01 (11-51-57).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [be52e00d069366a2168035190626365f]
mbam-log-2014-05-02 (13-29-38).xml       File Size: 2474      BYTES FileVersion:  N/A            MD5: [a7231caf47076d1cacbaf520436dfdb9]
mbam-log-2014-05-07 (09-18-43).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [ba9b0797775cf91faa6f26339056e13a]
mbam-log-2014-05-08 (09-10-48).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [cf5702900a7b64c71853d6d92559d376]
mbam-log-2014-05-09 (08-57-18).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [f69ed6eb656e711bcee97b63beb08b0d]
mbam-log-2014-05-09 (09-22-58).xml       File Size: 2466      BYTES FileVersion:  N/A            MD5: [406c71fee59cee0b6dd090cf5e53c9f3]
mbam-log-2014-05-09 (09-27-52).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [b535d00aa12fb7b3c908e7ce258c0208]
protection-log-2014-04-25.xml           File Size: 4690      BYTES FileVersion:  N/A            MD5: [dd2b25d4a248edd70c56b693c34ffb59]
protection-log-2014-04-26.xml           File Size: 9312      BYTES FileVersion:  N/A            MD5: [4571f7d3413aebc87071cbcfc5e8ab26]
protection-log-2014-04-27.xml           File Size: 10183     BYTES FileVersion:  N/A            MD5: [86e97b02db7c275cdc9721c2fa866edd]
protection-log-2014-04-28.xml           File Size: 12208     BYTES FileVersion:  N/A            MD5: [1add9aa8da9aafad0e7ecc8bba563089]
protection-log-2014-04-29.xml           File Size: 8158      BYTES FileVersion:  N/A            MD5: [273b22945a03777d995e783412aad5aa]
protection-log-2014-04-30.xml           File Size: 16261     BYTES FileVersion:  N/A            MD5: [722ece7524ba7f5936e306109063569e]
protection-log-2014-05-01.xml           File Size: 20683     BYTES FileVersion:  N/A            MD5: [0389a2e94265b96c8a8af0fc087bd7a4]
protection-log-2014-05-02.xml           File Size: 8153      BYTES FileVersion:  N/A            MD5: [a4c5cd3e13dd23c5775053008d8d5977]
protection-log-2014-05-04.xml           File Size: 10173     BYTES FileVersion:  N/A            MD5: [912f7b8899e826f17c73f6a3f7c98462]
protection-log-2014-05-05.xml           File Size: 3235      BYTES FileVersion:  N/A            MD5: [2de7d7a0cf5c51c770dff01ed5ebf86d]
protection-log-2014-05-06.xml           File Size: 2082      BYTES FileVersion:  N/A            MD5: [2677a4ac827c128fa6450f751ded561e]
protection-log-2014-05-07.xml           File Size: 11830     BYTES FileVersion:  N/A            MD5: [37639d5d3ee2a6202f6fb8a113503101]
protection-log-2014-05-08.xml           File Size: 21409     BYTES FileVersion:  N/A            MD5: [7dff152c4586a27ea4175341789aac37]
protection-log-2014-05-09.xml           File Size: 3812      BYTES FileVersion:  N/A            MD5: [579126bc6d4b05220bf3c3224623a62c]
protection-log-2014-05-10.xml           File Size: 363       BYTES FileVersion:  N/A            MD5: [1b0b3469711590812b6a63d5aeba95de]
protection-log-2014-05-12.xml           File Size: 361       BYTES FileVersion:  N/A            MD5: [dc536df0337986f0a2e8a0fe1494e48e]
protection-log-2014-06-19.xml           File Size: 662       BYTES FileVersion:  N/A            MD5: [80045593bbd42a3d8c539447c49e25a2]
protection-log-2014-06-20.xml           File Size: 663       BYTES FileVersion:  N/A            MD5: [77c77e87e4207340a210e6e76d41ea90]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
0034666555.data                         File Size: 841       BYTES FileVersion:  N/A            MD5: [f2d39bcd67939112bf0407b69521bedd]
0125327546.data                         File Size: 739       BYTES FileVersion:  N/A            MD5: [75df91c7cc5fc3ae0971c7e221e49fa3]
0125327546.quar                         File Size: 711776    BYTES FileVersion:  N/A            MD5: [d41f996ff6c8c146fa0c746d8fa8bbbd]
0663294063.data                         File Size: 727       BYTES FileVersion:  N/A            MD5: [72e1f0f327a47a7e408d0984f76cefde]
0663294063.quar                         File Size: 5         BYTES FileVersion:  N/A            MD5: [cc86998a41047e8973f909290461f6e6]
0900506345.data                         File Size: 1266      BYTES FileVersion:  N/A            MD5: [2dac79b0ff80abf32c623d87c48c5d1f]
1237857616.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [b8ef5c9f45db13de33b856c32a1236c7]
1237857616.quar                         File Size: 1484      BYTES FileVersion:  N/A            MD5: [76ddf0daec64bfecb3d2a5ccfc670cb5]
1252547403.data                         File Size: 825       BYTES FileVersion:  N/A            MD5: [294f7d57f94b414193e4b4b240acf26a]
1252547403.quar                         File Size: 530       BYTES FileVersion:  N/A            MD5: [a4f01570586dcff1907c1f4eb4f112a2]
1276256078.data                         File Size: 719       BYTES FileVersion:  N/A            MD5: [4123b0b26589eb41e5be380f90d824c2]
1291544888.data                         File Size: 733       BYTES FileVersion:  N/A            MD5: [836dd4941a38749436b9524ebf960b37]
1291544888.quar                         File Size: 1780      BYTES FileVersion:  N/A            MD5: [62b8da1492cae62a04739ec6bef6d076]
1678206271.data                         File Size: 730       BYTES FileVersion:  N/A            MD5: [1b09e64725e122df64c0d14757cef36b]
1678206271.quar                         File Size: 73        BYTES FileVersion:  N/A            MD5: [b74f4b192531984ab5cc5068f99b90e8]
1762224151.data                         File Size: 705       BYTES FileVersion:  N/A            MD5: [25a06d9e1e623a3891f85d29b819fd0e]
1762224151.quar                         File Size: 370       BYTES FileVersion:  N/A            MD5: [f5ed9bba20384a0ffe4890bad76dc8b6]
2035757519.data                         File Size: 1171      BYTES FileVersion:  N/A            MD5: [80237c901aa948eeceae9531adfb66c8]
2325114551.data                         File Size: 713       BYTES FileVersion:  N/A            MD5: [5b4928faddd623d8504b9dfef2f62cbe]
2325114551.quar                         File Size: 490       BYTES FileVersion:  N/A            MD5: [2626ffb3736de474312d6c28adcea402]
2482994897.data                         File Size: 792       BYTES FileVersion:  N/A            MD5: [48b5070ea6b69e33cfd15ca940b32af1]
2482994897.quar                         File Size: 448       BYTES FileVersion:  N/A            MD5: [055db6ac0303422eb90c5102734ccbac]
3465053740.data                         File Size: 726       BYTES FileVersion:  N/A            MD5: [8c873442542c431aa1b6662550badab9]
3465053740.quar                         File Size: 423709    BYTES FileVersion:  N/A            MD5: [fecfae013dcf811e58fdeb65a01fdecb]
4012588603.data                         File Size: 774       BYTES FileVersion:  N/A            MD5: [411b8c340b6f38000f6520bdf17d62f2]
4012588603.quar                         File Size: 550       BYTES FileVersion:  N/A            MD5: [e3b4a5b744251a9ff2d10e4cd960d6e8]
4054860535.data                         File Size: 738       BYTES FileVersion:  N/A            MD5: [c80798d761f93f114ee889e6584989f9]
4054860535.quar                         File Size: 452       BYTES FileVersion:  N/A            MD5: [0d18bcedbfd628e09637a796a43e80f1]
4197439624.data                         File Size: 787       BYTES FileVersion:  N/A            MD5: [1e6aba246e410d34836bfc1e2734a0cc]
4197439624.quar                         File Size: 374       BYTES FileVersion:  N/A            MD5: [53ae010a7233d70fdee0734ece7899a8]
4845200749.data                         File Size: 733       BYTES FileVersion:  N/A            MD5: [9516b5b41b29c368ecc2e553798438d4]
4845200749.quar                         File Size: 254       BYTES FileVersion:  N/A            MD5: [b5e70d6b627ac5aa8bd81faa87072e2e]
5165594007.data                         File Size: 847       BYTES FileVersion:  N/A            MD5: [7abbe3244c1583f767dce54d101a1a0b]
5165594007.quar                         File Size: 1560      BYTES FileVersion:  N/A            MD5: [ffb571586fb9e4afaacc2aee4eb8d4fd]
5382587953.data                         File Size: 780       BYTES FileVersion:  N/A            MD5: [69e8c5591f0be1855aedd491baacae6c]
5382587953.quar                         File Size: 738       BYTES FileVersion:  N/A            MD5: [718f947b703f7fa08b7506fb51a704cd]
6855889241.data                         File Size: 708       BYTES FileVersion:  N/A            MD5: [29d6c6f783e67e163973d5cdc91e9770]
7392844956.data                         File Size: 850       BYTES FileVersion:  N/A            MD5: [2041aa72ba9faccca775491fb3065f91]
7392844956.quar                         File Size: 444       BYTES FileVersion:  N/A            MD5: [c706c9b4c8bf76198796f2d1176cd54b]
7746684751.data                         File Size: 724       BYTES FileVersion:  N/A            MD5: [fb557e67e6c4c46822c6cdc24491b8de]
7888054135.data                         File Size: 733       BYTES FileVersion:  N/A            MD5: [01309637f16ff9b70856a023f742f115]
7888054135.quar                         File Size: 722232    BYTES FileVersion:  N/A            MD5: [0af46232148d455d71d1d3dcb7aade4f]
7955463964.data                         File Size: 739       BYTES FileVersion:  N/A            MD5: [72584a713f8e54d539944e3bda7c557f]
7955463964.quar                         File Size: 32038     BYTES FileVersion:  N/A            MD5: [831a1e326d3dd8efa0a52085ae730874]
8162426311.data                         File Size: 1179      BYTES FileVersion:  N/A            MD5: [82208490041c6cba684a559140854e8a]
8281401176.data                         File Size: 734       BYTES FileVersion:  N/A            MD5: [55aed5b71c5baf6dca697ebdf50711f2]
8281401176.quar                         File Size: 32038     BYTES FileVersion:  N/A            MD5: [99e42c32bb86496a06001bc848ffe838]
8590694168.data                         File Size: 778       BYTES FileVersion:  N/A            MD5: [d527e1d99a5151f020c8f6799374f088]
8590694168.quar                         File Size: 2664      BYTES FileVersion:  N/A            MD5: [04673c980a5564ef0768237422dd67b8]
9087182349.data                         File Size: 778       BYTES FileVersion:  N/A            MD5: [bbbd55608747a002546afb2322a47e8c]
9087182349.quar                         File Size: 1804      BYTES FileVersion:  N/A            MD5: [5d536f43f5bd9c75e0d223819a88650d]
9743475798.data                         File Size: 711       BYTES FileVersion:  N/A            MD5: [bc933f12aef7dcb320c696939afd0c69]
9743475798.quar                         File Size: 684       BYTES FileVersion:  N/A            MD5: [bed76bc02b4f121d31e35503397e1af5]
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.InstallCore.A, Date: 2014/04/25 09:42:36, Type: Registry Value, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb
Vendor: PUP.Optional.InstallCore, Date: 2014/04/25 09:42:36, Type: File, Location: C:\$Recycle.Bin\S-1-5-21-3295534306-1767356150-2545195788-1000\$RJSPCD5.exe
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: File, Location: C:\Users\Bex\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Value, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Folder, Location: C:\Users\Bex\AppData\Roaming\mysearchdial\UpdateProc
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: File, Location: C:\Users\Bex\AppData\Roaming\mysearchdial\UpdateProc\config.dat
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\INSTALLCORE\mysearchdial
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: File, Location: C:\Users\Bex\AppData\Local\mysearchdial_speedial_v9.0.2.crx
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff
Vendor: PUP.Optional.InstallCore.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Vendor: PUP.Optional.MegaBrowse.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Folder, Location: C:\Users\Bex\AppData\Roaming\mysearchdial
Vendor: PUP.Optional.MegaBrowse.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Folder, Location: C:\Users\Bex\AppData\Roaming\mysearchdial\icons_2.2.4.731
Vendor: PUP.Optional.Crimsolite.A, Date: 2014/04/25 09:42:36, Type: File, Location: C:\Users\Bex\AppData\Local\Temp\is1914646434\396793202_stp\setup.exe
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: File, Location: C:\Users\Bex\AppData\Roaming\mysearchdial\icons_2.2.4.731\magnifying.ico
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: File, Location: C:\Users\Bex\AppData\Roaming\mysearchdial\icons_2.2.4.731\star2.ico
Vendor: PUP.Optional.InstallCore.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE
Vendor: PUP.Optional.TidyNetwork.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKU\S-1-5-21-3295534306-1767356150-2545195788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TidyNetwork
Vendor: PUP.Optional.MySearchDial.A, Date: 2014/04/25 09:42:36, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc


#7 dc3


Posted 21 June 2014 - 11:35 AM

Please run the Eset online scan and run the AdwCleaner and post those logs.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 dc3


Posted 21 June 2014 - 11:46 AM

If you have not restarted the computer after running Malwarebytes, do so now.




#9 bex1990


Posted 21 June 2014 - 12:07 PM

I am currently running the ESET thing, it's found threat. I haven't run MBAM again though, was I supposed to? Thank you for your help



#10 dc3


Posted 21 June 2014 - 12:14 PM

No, you don't need to run the Malwarebytes scan again.  Too many topics.

 

When you're up to your arse in alligators it's hard to remember that your prime objective was to drain the swamp.




#11 bex1990


Posted 21 June 2014 - 01:08 PM

Ok so ESET has done its business and quarantined the naughty stuff. Do I delete the quarantined files and un-install ESET or just close it? And yes don't worry, I can imagine you've been helping people all day, you must be exhausted from our stupidity



#12 bex1990


Posted 21 June 2014 - 01:24 PM

From ADWcleaner:

 

# AdwCleaner v3.212 - Report created 21/06/2014 at 19:19:07
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Bex - BEX-PC
# Running from : C:\Users\Bex\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Users\Bex\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Bex\AppData\Local\Temp\LinkSwift
Folder Deleted : C:\Users\Bex\AppData\Local\Temp\Mega Browse
File Deleted : C:\Users\Bex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Bex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\ProgramRefresh-ATFST
File Deleted : C:\Windows\System32\Tasks\ProgramUpdateCheck
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2E155D5-13F4-427B-BE86-704EC808B749}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2E155D5-13F4-427B-BE86-704EC808B749}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9328EE16-96A6-4B3A-B7CF-26794A9DE784}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9328EE16-96A6-4B3A-B7CF-26794A9DE784}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\Software\InstallCore
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Bex\AppData\Roaming\Mozilla\Firefox\Profiles\6k65f0e7.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Bex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=D5FE206E-80CB-41F9-B433-662BB263860A&apn_ptnrs=U3&apn_sauid=1A7E28EA-F7B9-4E13-9962-475A4AA18DAF&apn_dtid=OSJ000YYGB&q={searchTerms}
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
 
*************************
 
AdwCleaner[R0].txt - [2710 octets] - [21/06/2014 19:10:24]
AdwCleaner[S0].txt - [3001 octets] - [21/06/2014 19:19:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3061 octets] ##########


#13 dc3


Posted 21 June 2014 - 01:24 PM

Please post the log of the Eset scan.

 

Yes, go ahead and delete the quarantined items and then uninstall Eset.




#14 bex1990


Posted 21 June 2014 - 01:25 PM

Pop up hasn't popped up again yet. So might be fixed, fingers crossed


Oh ESET never gave me a log....

 

Should I do it again?



#15 dc3


Posted 21 June 2014 - 01:41 PM

Since the scan has already been run and it quarantined and removed the malware, another scan will not produce the same results.

 

If you followed the instructions for running the Eset scan, steps 9 through 13 would have placed an icon on your desktop to access the log.

