Cannot open any browser


12 replies to this topic

#1 channoff


Posted 08 July 2014 - 09:47 AM

Woke up this morning and cannot open any browser, IE, Chrome, and Firefox.  IE opens to a blank page with no content.  Chrome - I see hourglass for a moment, then it goes away.  Firefox - I only receive msg that says "Firefox already running, but is not responding.  To open a new window, you must first close the existing FF process."
 
Yesterday, I had something pop-up in lower right corner saying I had either malware or virus detected and asked if I wanted to quarantine it.  I clicked Yes.  I wished that I hadn't.  I assumed it was my antivirus, however, in checking history, I see no viruses detected.
 
Things I have tried:
  • Anti-malware bytes - 48 items found
  • superantispyware - nothing found
At this point, looks like I am missing full day of work to fix this, so any help would be greatly appreciated.  I am guessing that something overwrote some registry values.
 
CN


Not sure if this helps, but I am on W7 Home Premium, OS Ver 6.1.7601., SP1.

Edited by boopme, 08 July 2014 - 10:59 AM.




#2 channoff


Posted 08 July 2014 - 10:37 AM

Just realized I posted this in wrong section.  Mods, please close.


Merged two posts and moved to Am I Infected ~~ boopme

Edited by boopme, 08 July 2014 - 11:00 AM.


#3 dc3


Posted 08 July 2014 - 10:44 AM

Don't worry about this being in the wrong forum, a moderator will move this to the Am I Infected forum.

 

Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.

 

To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
Is the Malwarebytes you ran the new 2.0 version?
 
Did you update Malwarebytes before running the scan?

 

Please run the following scans.


Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
[image: AdwCleaner window]
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your next post.

Edited by dc3, 08 July 2014 - 10:46 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 channoff


Posted 08 July 2014 - 12:27 PM

Thanks, Arach.  All of this is in process now and appears that it will take several hours to get logs to you.  I was using Malwarebytes version 2 and updated prior to running in safe mode.

 

In meantime, maybe you can make something out of this HitmanPro log.  It found a proxy server as well as plenty of other things:

HitmanPro 3.7.9.220
www.hitmanpro.com
   Computer name . . . . : TOSHIBA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   Safe Mode Boot  . . . : NETWORK
   User name . . . . . . : Toshiba-PC\Toshiba
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (Expired)
   Scan date . . . . . . : 2014-07-08 10:54:20
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 26m 19s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 48
   Objects scanned . . . : 2,003,803
   Files scanned . . . . : 126,241
   Remnants scanned  . . : 708,313 files / 1,169,249 keys
Malware _____________________________________________________________________
   C:\ProgramData\InstallMate\{D3472B14-3305-4027-A2CC-7B2708A409E2}\Custom.dll
      Size . . . . . . . : 72,192 bytes
      Age  . . . . . . . : 291.9 days (2013-09-19 13:57:19)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : D5DCD241FCAD38B8BFBD7A32EC85C71CF96B8A9671D96EB988264B00BFC2B373
      Product  . . . . . : SummerSoft
      Publisher  . . . . : SummerSoft
      Description  . . . : Custom DLL for SummerSof
      Version  . . . . . : 2013.9.
      LanguageID . . . . : 1037
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.Win32.AdLoad.u
      Fuzzy  . . . . . . : 100.0

Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\MPCBContextMenu\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}\ (Linkey)
   HKLM\SOFTWARE\Classes\MPCBContextMenu.ContextMenu\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\MPCBContextMenu.IconGenerator\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5}\ (MyPC Backup)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F03955F1-309E-34E9-A021-1399C3532273}\ (MyPC Backup)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7be7bae5-b231-47ca-b765-a2b05ffbae66}\ (Conduit)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKU\S-1-5-21-2221488314-2506892855-1009263268-1000\Software\Condut\ (Sweetpacks)
   HKU\S-1-5-21-2221488314-2506892855-1009263268-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey)
Repairs _____________________________________________________________________
   Proxy server on this computer (User)
   127.0.0.1:13808

Cookies _____________________________________________________________________
   C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.adotube.com
   C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\5YP82SWJ.txt
   C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\6OF2C07A.txt
   C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\NOD4TQI0.txt
   C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Cookies\OKSJNHME.txt
   C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\7avj3r30.default\cookies.sqlite:ads.yahoo.com
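
The HitmanPro log above lists a per-user proxy at 127.0.0.1:13808 under Repairs, and the mbam-check log in the next post shows the same value in the ProxyServer registry string. As an added example (not part of the thread or of either tool), this script pulls that value out of a log excerpt and flags entries that point back at the local machine; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, laid out like the proxy section of the mbam-check log
# posted in this thread.
SAMPLE_LOG = r"""
Proxy Status: No proxy is Set

Proxy Server:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
 ProxyServer REG_SZ  http=127.0.0.1:13808

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
 ProxyOverride REG_SZ  <local>
"""


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    The value has two forms: 'host:port' (one proxy for every protocol) or
    'http=host:port;https=host:port' (one proxy per protocol).
    """
    entries = []
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:                      # single-proxy form, no "scheme="
            scheme, addr = "all", part
        addr = re.sub(r"^[a-z]+://", "", addr, flags=re.I)
        host, _, port = addr.rpartition(":")
        if not host:                     # no port given at all
            host, port = addr, ""
        entries.append((scheme.lower(),
                        host.strip("[]"),          # bracketed IPv6 literal
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # some other DNS name


def triage(log_text):
    """Extract the proxy status line and ProxyServer value from a log excerpt."""
    server = re.search(r"^[ \t]*ProxyServer[ \t]+REG_SZ[ \t]+(\S.*?)[ \t]*$",
                       log_text, re.M)
    status = re.search(r"^Proxy Status:[ \t]*(.+?)[ \t]*$", log_text, re.M)
    value = server.group(1) if server else None
    status_text = status.group(1) if status else None
    entries = parse_proxy_server(value) if value else []
    return {
        "proxy_server": value,
        "status": status_text,
        # Only the wording seen in this thread's log is recognised here.
        "status_reports_no_proxy": bool(status_text)
        and status_text.lower().startswith("no proxy"),
        "loopback": [e for e in entries if is_loopback(e[1])],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for scheme, host, port in result["loopback"]:
        print(f"loopback proxy for {scheme}: {host}:{port} "
              f"(status line: {result['status']})")
```

A loopback entry means browser traffic would be handed to a program on the same machine, so the next check is which process, if any, is listening on that port and whether the proxy is actually switched on.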


#5 channoff


Posted 08 July 2014 - 12:35 PM

Here is Malwarebytes log.  The rest is coming soon.

 

mbam-check result log version:     2.1.1.1001
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/07/08
Malware Database:                  0000.00.00.00
Rootkit Database:                  0000.00.00.00
Remediation Database:              0000.00.00.00
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/07/08 11:34:28
Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 SIGN.IE=04C000 Surge_Installer.exeREG_SZ  VISTARTM
 SIGN.IE=069000 SendoutsSourcePro.exeREG_SZ  WINXPSP2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exeREG_SZ  ELEVATECREATEPROCESS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exeREG_SZ  ELEVATECREATEPROCESS

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.13.0 MD5: [f92b0e478c0faa6d6661e6e977247e60]
C:\windows\system32\drivers\mwac.sys
File Size: 63704     BYTES FileVersion: 1.0.1.0 MD5: [15e8abc06843672955ce26a009533bad]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size: 122584    BYTES FileVersion: 0.1.7.0 MD5: [8a50d5304e6ae48664cf5838ec32f647]
C:\windows\system32\drivers\mbamchameleon.sys
File Size: 91352     BYTES FileVersion: 1.0.4.0 MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]

--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
 DisplayName                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1001
 Group                         REG_SZ  NetworkProvider
 ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
 Description                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1002
 ObjectName                    REG_SZ  NT AUTHORITY\LocalService
 ErrorControl                  REG_DWORD  1
 Start                         REG_DWORD  2
 Type                          REG_DWORD  32
 DependOnService               REG_MULTI_SZ RpcSs

 ServiceSidType                REG_DWORD  3
 RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege

 FailureActions                REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
 ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 ServiceDllUnloadOnStop        REG_DWORD  1
 ServiceMain                   REG_SZ  BfeServiceMain

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
 AttachWhenLoaded              REG_DWORD  1
 DisplayName                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
 Group                         REG_SZ  FSFilter Infrastructure
 ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
 Description                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 ErrorControl                  REG_DWORD  3
 Start                         REG_DWORD  0
 Tag                           REG_DWORD  1
 Type                          REG_DWORD  2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
 0                             REG_SZ  Root\LEGACY_FLTMGR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1

C:\windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES FileVersion: 6.1.98.39 MD5: [766f501b61c22723536af696a74133d4]
C:\windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]

MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              0
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       7000
ScanHistory:
    Duration_Complete:                                         637000
    Duration_Driver:                                           0
    Duration_Filesystem:                                       0
    Duration_Heuristics:                                       942000
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          20000
    Duration_Registry:                                         37000
    Duration_Sector:                                           0
    Duration_Startup:                                          15000
    ItemCount_Complete:                                        229515
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      48373
    ItemCount_Heuristics:                                      14205
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         0
    ItemCount_Registry:                                        609
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         671
    LastScanDateEpoch:                                         1404837351024
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2014-07-08T15:14:07
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    1
    ProxyPassword:                                             
    ProxyPort:                                                 0
    ProxyServer:                                               
    ProxyUsername:                                             
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
--------------Account:--------------
  Account Status:                                              Free
  Expiration Time:                                             
  Activation Time:                                             
  Trial Used:                                                  false
--------------Access Policies:--------------

Scheduler Queue:
================

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
 PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Toshiba\AppData\Local\Temp\~nsu.tmp\Au_.exe

 

MBAMProtector Registry Values:
==============================

 

MBAMService Registry Values:
============================

 

MBAMScheduler Registry Values:
==============================

 

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Server:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
 ProxyServer REG_SZ  http=127.0.0.1:13808

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
 ProxyOverride REG_SZ  <local>

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
 SystemPartition REG_SZ  \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
  h:mm:ss tt
  AM
  PM
  :

Currently:
REG_SZ  h:mm:ss tt
REG_SZ  AM
REG_SZ  PM
REG_SZ  :

Language and Regional Settings:
===============================

ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.

Context Menu Entries:
=====================


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE



#6 dc3

Posted 08 July 2014 - 12:47 PM

Did you update Malwarebytes before you ran this scan?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 channoff

Posted 08 July 2014 - 01:11 PM

I did, but this is the log after running it about 4 times. Should I uninstall it and download/update again just to make sure?



#8 dc3

Posted 08 July 2014 - 01:33 PM

No, if Malwarebytes has found anything and quarantined it and then restarted, those items will no longer be listed.


#9 channoff

Posted 08 July 2014 - 03:21 PM

I went ahead and ran Malwarebytes again in SafeMode with rootkit search selected and still found nothing.

 

ESET found 21 issues.  Here is the log:

 

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.19.2.5_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.21.1.507_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.21.1.507_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Users\Toshiba\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Toshiba\AppData\Local\NativeMessaging\CT3311875\1_0_0_7\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Program Files (x86)\IObit\Advanced SystemCare 7\unlocker-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Toshiba\.frostwire5\updates\frostwire-5.7.3.windows.coc.premium.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Users\Toshiba\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.29.0.520_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.29.0.520_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.29.0.520_0\plugins\ChromeApiPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.24.3.3_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFDSZ090\gsp[1].zip Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.19.2.5_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.21.1.507_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiolpdppdlenlpinemeiecpnmodalfl\10.21.1.507_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined

 

I ran AdwCleaner and here is the log:

 

# AdwCleaner v3.214 - Report created 08/07/2014 at 14:20:51
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Toshiba - TOSHIBA-PC
# Running from : C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAK5OKIP\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\7avj3r30.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [11849 octets] - [08/07/2014 09:27:17]
AdwCleaner[R1].txt - [8995 octets] - [08/07/2014 09:34:21]
AdwCleaner[R2].txt - [1090 octets] - [08/07/2014 14:14:58]
AdwCleaner[R3].txt - [1023 octets] - [08/07/2014 14:20:51]
AdwCleaner[S0].txt - [8945 octets] - [08/07/2014 09:35:48]
AdwCleaner[S1].txt - [1152 octets] - [08/07/2014 14:15:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1203 octets] ##########

 

 



#10 dc3

Posted 08 July 2014 - 05:09 PM

There is nothing malicious found.


#11 channoff

Posted 08 July 2014 - 08:28 PM

Any other suggestions you might have?  I am concerned about the proxy server.



#12 channoff

Posted 08 July 2014 - 09:58 PM

Ahh, I fixed it!!!!  Everything appears to be back to normal.  Ran ComboFix and did some general housekeeping, then uninstalled/reinstalled Chrome.  Thanks for helping, Arachibutyrophobia, and stay away from peanut butter.

 

CN



#13 dc3

Posted 09 July 2014 - 09:54 AM

Glad to hear you were able to resolve the issue.

