Infected but not sure by what...


10 replies to this topic

#1 robertjrichardson

robertjrichardson

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 27 July 2014 - 01:27 PM

This all started shortly after my roommate decided he'd torrent a movie while I was at work... It started with a program called Search Protect which I thought I was rid of. Now after running Malwarebytes, Avast, F-Prot and a few others I'm still plagued by something. When I'm on various sites, this one included, when I click certain areas on the page a 2nd window is immediately prompted into various ads generally relating to the website I'm on. It's also causing my initial loading page for Mozilla to do weird things. It's causing the computer to run slower than normal as far as I can tell as well. I'm guesstimating this is likely adware in combo with malware.

#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:23 PM

Posted 27 July 2014 - 01:49 PM

Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.

When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 robertjrichardson

  • Topic Starter


Posted 27 July 2014 - 01:58 PM

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001Web Exclusions:
================
Unable to access exclusion information: Error code 20001Quarantined Items:
===================
Unable to access quarantine information: Error code 20001===============================================================
END OF FILE

#4 robertjrichardson


Posted 27 July 2014 - 02:02 PM

# AdwCleaner v3.216 - Report created 27/07/2014 at 13:59:29
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : rac - STORE
# Running from : C:\Users\rac\Downloads\AdwCleaner (3).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8519 octets] - [24/07/2014 21:36:37]
AdwCleaner[R1].txt - [1379 octets] - [27/07/2014 13:39:43]
AdwCleaner[R2].txt - [1239 octets] - [27/07/2014 13:59:29]
AdwCleaner[S0].txt - [6329 octets] - [24/07/2014 21:38:26]
AdwCleaner[S1].txt - [1448 octets] - [27/07/2014 13:42:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1419 octets] ##########

#5 dc3


Posted 27 July 2014 - 02:22 PM

Search Protect is from Conduit.  I'm surprised that neither was found by AdwCleaner.

 

Open Firefox and open the Add-ons.

 

Click Extensions and Plugins tabs and look for any listings that contain the words search protect or conduit.  Remove any which are found.

 

Which version of Malwarebytes did you run?

 

I'm guessing that you are running the Eset online scan?



#6 robertjrichardson


Posted 27 July 2014 - 05:45 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.AM potentially unwanted application
C:\Users\rac\AppData\Local\DynamicPricer\IE\DynamicPricer.dll Win32/AdWare.Mrlmedia.A application cleaned by deleting - quarantined
C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1F6O6UPX\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application deleted - quarantined
C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VHMRK0U\DesktopWeatherAlertsSetup[1].exe a variant of MSIL/Adware.StrongVault.A application cleaned by deleting - quarantined
C:\Users\rac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKBEORLT\SPIdentifierImpl[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application deleted - quarantined
C:\Users\rac\AppData\Roaming\GroovorioUpdater\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined

Sorry for the delayed link. Took long enough I went for a nap.
Used the Malwarebytes link you provided to be sure it was completely up to date.
And I'm using Google Chrome, not Firefox. The only extension I show is Adblock Plus.

#7 dc3


Posted 28 July 2014 - 09:31 AM

Please post the Malwarebytes log.

 

You posted the following.

 

It's also causing my initial loading page for Mozilla to do weird things.

 

Mozilla is the creator of Firefox, this is why I assumed you were using it.

 

It looks like AdwCleaner was able to quarantine the Conduit Search Protect.  You will need to open the Chrome menu and then open Settings.  Under Search you will find Manage Search Engines; open this and see if Conduit or Search Protect is listed there.  If it is, place the pointer inside the box which has this search engine and an X will appear at the right side; click on this to remove it.

 

You still have not posted the results of the Eset online scan, please do so.  You need to post this so that we can determine if there are other malware issues.

 

I want you to run Malwarebytes again in order to make sure that the Conduit is gone.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.

 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


#8 robertjrichardson


Posted 28 July 2014 - 10:29 AM

My apologies. I used Firefox for a long time. When I attempt to open settings or history it starts to load, then blank white screen?!

#9 dc3


Posted 28 July 2014 - 10:44 AM

Please run and post the results of Malwarebytes.


Please run the ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#10 robertjrichardson


Posted 28 July 2014 - 11:42 AM

mbam-check result log version: 2.1.1.1001
========================================

User Account type: Administrator
OS: Windows 8 64 bit Operating System
Current Version and Build: 6.2.9200.0
Malwarebytes Anti-Malware: 2.0.2.1012
Installed On: 2014/07/27
Malware Database: 2014.07.28.03
Rootkit Database: 2014.07.17.01
Remediation Database: 2013.10.16.01
IP Database: 0000.00.00.00
Domain Database: 0000.00.00.00
License: Free
Malware Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created: 2014/07/28 11:40:25
Compatibility Flag Settings:
=================================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exeREG_SZ $ IgnoreFreeLibrary<RiotRadsIO.dll>


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Malwarebytes Anti-Malware (cleanup)REG_SZ "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size: 25816 BYTES FileVersion: 0.1.13.0 MD5: [f92b0e478c0faa6d6661e6e977247e60]
C:\windows\system32\drivers\mwac.sys
File Size: 64216 BYTES FileVersion: 1.0.1.0 MD5: [0664f6335f108f38fe08c3ca747311ee]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size: 122584 BYTES FileVersion: 0.1.7.0 MD5: [8a50d5304e6ae48664cf5838ec32f647]
C:\windows\system32\drivers\mbamchameleon.sys
File Size: 91352 BYTES FileVersion: 1.0.4.0 MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]

--------------MBAMProtector:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A


--------------MBAMService:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A


--------------MBAMScheduler:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A


--------------MBAMChameleon:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A


--------------MBAMWebAccessControl:--------------
Type: N/A
State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE: N/A
SERVICE_EXIT_CODE: N/A
CHECKPOINT: N/A
WAIT_HINT: N/A


Required Dependencies:
======================

--------------BFE:--------------
Type: 32
State: 4 (The service is running.)
WIN32_EXIT_CODE: 0
SERVICE_EXIT_CODE: 0
CHECKPOINT: 0
WAIT_HINT: 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl REG_DWORD 1
Group REG_SZ NetworkProvider
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start REG_DWORD 2
Type REG_DWORD 32
Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService REG_MULTI_SZ RpcSs
WfpLwfs

ObjectName REG_SZ NT AUTHORITY\LocalService
ServiceSidType REG_DWORD 3
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop REG_DWORD 1
ServiceMain REG_SZ BfeServiceMain
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Options
EnablePacketQueue REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

--------------fltmgr:--------------
Type: 2
State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE: 0
SERVICE_EXIT_CODE: 0
CHECKPOINT: 0
WAIT_HINT: 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded REG_DWORD 1
DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl REG_DWORD 3
Group REG_SZ FSFilter Infrastructure
ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start REG_DWORD 0
Tag REG_DWORD 1
Type REG_DWORD 2
Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000


C:\windows\system32\drivers\fltmgr.sys
File Size: 374512 BYTES FileVersion: 6.2.9200.16384 MD5: [b33ec133ae4e6c1881d2302d93d2467d]
C:\windows\SysWOW64\olepro32.dll
File Size: 79360 BYTES FileVersion: 6.2.9200.16384 MD5: [75439663a508a6256f3d50e0e760488b]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
AutomaticQuarantine: true
AutostartProtection: true
LimitedMode: false
SelfProtection: false
StartSilentMode: false
StartupDelay: 0
ApplicationState:
First-Run-After-Installation: false
General:
DaysUntilNotifyExpiration: 5
Language: en
RightClickAccess: false
SilentErrors: false
Logging:
ExportLog: true
Notification:
ProtectionTray:
DisplayMilliseconds: 7000
ScanHistory:
Duration_Complete: 757000
Duration_Driver: 0
Duration_Filesystem: 4000
Duration_Heuristics: 1624000
Duration_Loading: 0
Duration_MasterBootRecord: 0
Duration_Memory: 40000
Duration_PreScan: 79000
Duration_Registry: 75000
Duration_Sector: 0
Duration_Startup: 111000
ItemCount_Complete: 246102
ItemCount_Driver: 0
ItemCount_Filesystem: 41767
ItemCount_Heuristics: 11680
ItemCount_Loading: 0
ItemCount_MasterBootRecord: 0
ItemCount_Memory: 2797
ItemCount_PreScan: 0
ItemCount_Registry: 646
ItemCount_Sector: 0
ItemCount_Startup: 1596
LastScanDateEpoch: 1406561418442
LastScanType: 1 (Threat Scan)
Update:
LastUpdate: 2014-07-28T15:30:01
NotifyInstallReady: true
NotifyOutdatedDatabase: 1
ProxyPassword:
ProxyPort: 0
ProxyServer:
ProxyUsername:
UseProxy: false
UseProxyAuthentication: false
--------------Account:--------------
Account Status: Free
Expiration Time:
Activation Time:
Trial Used: true
--------------Access Policies:--------------

Scheduler Queue:
================

tasks:
0a62133a-714e-44ac-9809-c9373a7d919f:
parameters:
NotifyWhenUpdateCompletes: true
TaskType: 3
triggers:
6f973d19-18c5-4a4b-a1d3-4b6d99a50b2d:
dateinterval: 0:0:0
lastscheduled: Mon, 28 Jul 2014 11:01:41.631256 -0500
lasttriggered: Sat, 26 Apr 2014 11:53:27.631256 -0500
nextscheduled: Mon, 28 Jul 2014 12:01:41.631256 -0500
recovery: 00:00:00
start: Sat, 26 Apr 2014 11:41:49.621677 -0500
timeinterval: 01:00:00
type: 3
uuid: 6f973d19-18c5-4a4b-a1d3-4b6d99a50b2d
type: update
uuid: 0a62133a-714e-44ac-9809-c9373a7d919f
8056fa30-ba54-4299-bc8d-0c2091d57a32:
parameters:
CheckForUpdatesBeforeScanStart: true
ProcessLaunchedFromScheduler: true
ScanConfig:
ExitWhenNoMalwareDetected: false
ExportLog: true
FileSystemOption: true
RebootSystemWhenMalwareDetected: false
RemoveMalwareAutomaticallyWhenScanEnds: false
ScanArchives: true
ScanExtra: true
ScanHeuristic: true
ScanMemoryObjects: true
ScanPUM: 2
ScanPUP: 2
ScanRegistry: true
ScanRootkits: false
ScanStartup: true
ScanTargets:
ScanType: 1 (Threat Scan)
Silent: true
TerminateExplorerWhenMalwareIsRemoved: false
StartTaskFromSystemAccount: false
TaskType: 0
triggers:
cef34c7f-f80c-4725-b23f-837f7e3770a2:
dateinterval: 1:0:0
lastscheduled: Sun, 27 Jul 2014 21:20:27.345269 -0500
lasttriggered: Mon, 02 Jun 2014 21:31:11.345269 -0500
nextscheduled: Mon, 28 Jul 2014 21:20:27.345269 -0500
recovery: 23:00:00
start: Sun, 27 Apr 2014 02:07:46 -0500
timeinterval: 00:00:00
type: 4
uuid: cef34c7f-f80c-4725-b23f-837f7e3770a2
type: scan
uuid: 8056fa30-ba54-4299-bc8d-0c2091d57a32

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\Windows\Tasks\Groovorio Updater.job



MBAMProtector Registry Values:
==============================



MBAMService Registry Values:
============================



MBAMScheduler Registry Values:
==============================



Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type: 32
State: 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE: 1077
SERVICE_EXIT_CODE: 0
CHECKPOINT: 0
WAIT_HINT: 0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ <local>

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
h:mm:ss tt
AM
PM
:

Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :

Language and Regional Settings:
===============================

ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================
















List of MBAM Related Directories:
=================================


Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Windows\System32\Tasks\Groovorio Updater
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Roaming\GroovorioUpdater\UpdateProc\config.dat
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Local\DynamicPricer\Chrome
Vendor: PUP.Optional.Groovorio, Date: 2014/07/28 15:30:19, Type: Registry Key, Location: HKU\S-1-5-21-2961404673-414218333-4232183137-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Chrome\manifest.json
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Chrome\background.js
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Registry Key, Location: HKU\S-1-5-21-2961404673-414218333-4232183137-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\groovorio
Vendor: PUP.Optional.SearchProtect, Date: 2014/07/28 15:30:19, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox\content
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox\content\browserOverlay.js
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox\content\browserOverlay.xul
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Program Files (x86)\Groovorio\uninstall.exe
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Roaming\GroovorioUpdater\UpdateProc\info.dat
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Groovorio
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Local\DynamicPricer
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox\install.rdf
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\PROGRAM FILES (X86)\Groovorio
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Roaming\GroovorioUpdater
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Registry Key, Location: HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\blmchfpimpbbdmgpcieclabeafkljbhm
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Program Files (x86)\Groovorio\Sqlite3.dll
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Windows\Tasks\Groovorio Updater.job
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox\chrome.manifest
Vendor: PUP.Optional.SearchProtect, Date: 2014/07/28 15:30:19, Type: Registry Value, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Program Files (x86)\Groovorio\FavIcon.ico
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Local\DynamicPricer\IE
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\PROGRAM FILES (X86)\Groovorio\bh
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: Folder, Location: C:\Users\rac\AppData\Roaming\GroovorioUpdater\UpdateProc
Vendor: PUP.Optional.Groovorio.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Program Files (x86)\Groovorio\uninst.dat
Vendor: PUP.Optional.Superfish.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Chrome\background.html
Vendor: PUP.Optional.DynamicPricer.A, Date: 2014/07/28 15:30:19, Type: File, Location: C:\Users\rac\AppData\Local\DynamicPricer\Firefox\content\h.css
===============================================================
END OF FILE

I've already run Eset once; shall I run it again?
Also, I'm about to be leaving for work so I apologize for any delayed response.

#11 dc3


Posted 28 July 2014 - 12:44 PM

Restart the computer.

 

Please post the Eset log in your topic.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 




