Fake Google Chrome Virus


9 replies to this topic

#1 ashthebrit3

ashthebrit3

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 13 October 2014 - 10:49 AM

Hello all,
 
I recently have contracted a virus on my PC that is calling itself Google Chrome. I haven't ever downloaded Google Chrome and yet, it somehow is on my PC. It only shows up in my processes tab and I am unable to remove it as it recreates itself when I try to. It is hidden in my local C: drive and has really messed with my computer as it now freezes quite often and is much slower than before.
 
Can somebody help me out here.
 
Thanks

Edited by Queen-Evie, 13 October 2014 - 10:50 AM.
moved from Windows 7 to the appropriate forum
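
Added example, not part of the original posts: a read-only PowerShell check for the symptom described in post #1, a process named chrome.exe on a machine where Chrome was never installed. It reports each such process's image path, parent and Authenticode signer, and lists autorun values that mention Chrome. The expected install folders are assumptions (the usual Chrome locations), and the script sticks to cmdlets available in PowerShell 2.0 on Windows 7.

```powershell
# Added example: triage processes that call themselves chrome.exe (read-only).
# Assumption: genuine Chrome lives under one of these folders; adjust as needed.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Google\Chrome\Application' }

function Test-UnderRoot([string]$Path) {
    # True when $Path sits inside one of the expected install folders.
    if (-not $Path) { return $false }
    foreach ($r in $roots) {
        if ($Path.StartsWith("$r\", [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$procReport = foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'chrome.exe'") {
    $path = $p.ExecutablePath
    $sig  = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = Get-AuthenticodeSignature -FilePath $path
    }
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    $signer = $null
    if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $sigStatus = 'Unknown'
    if ($sig) { $sigStatus = [string]$sig.Status }
    $parentName = '(exited)'
    if ($parent) { $parentName = $parent.Name }

    New-Object PSObject -Property @{
        ProcessId      = $p.ProcessId
        Path           = $path
        InExpectedRoot = (Test-UnderRoot $path)
        SignatureState = $sigStatus        # 'Valid' is expected for a genuine build
        Signer         = $signer
        Parent         = $parentName
        CommandLine    = $p.CommandLine
    }
}

# Autorun locations: the four Run/RunOnce keys that appear in the mbam-check log,
# plus the per-user Run key. A value here is one way a process comes back after
# it is killed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$autoruns = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $key = Get-Item $k
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($value -match 'chrome') {
                New-Object PSObject -Property @{ Key = $k; Name = $name; Command = $value }
            }
        }
    }
}

"--- chrome.exe processes ---"
$procReport |
    Select-Object ProcessId, Path, InExpectedRoot, SignatureState, Signer, Parent, CommandLine |
    Format-List

"--- autorun values mentioning chrome ---"
$autoruns | Select-Object Key, Name, Command | Format-List

# Rows worth posting to the helper: outside the expected folders or not validly signed.
"--- entries needing review ---"
$procReport |
    Where-Object { -not $_.InExpectedRoot -or $_.SignatureState -ne 'Valid' } |
    Select-Object ProcessId, Path, SignatureState, Parent |
    Format-Table -AutoSize
```

Run it from an elevated prompt so that paths of processes owned by other accounts are visible; the script changes nothing on the system.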



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 29,991 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:01:21 AM

Posted 13 October 2014 - 11:10 AM

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 

 

To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

 

 

 
Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.

 

 
 

 

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 ashthebrit3

ashthebrit3
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 13 October 2014 - 01:49 PM

mbam-check result log version:     2.1.1.1001
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0 
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/10/13
Malware Database:                  2014.10.13.07
Rootkit Database:                  2014.10.11.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/10/13 14:46:38
Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
	C:\Program Files\Autodesk\DWG TrueView 2014\dwgviewr.exeREG_SZ		DISABLEUSERCALLBACKEXCEPTION



Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
	NCPluginUpdater               REG_SZ		"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES	FileVersion: 0.1.13.0	MD5: [f92b0e478c0faa6d6661e6e977247e60]
C:\Windows\system32\drivers\mwac.sys
File Size: 63704     BYTES	FileVersion: 1.0.1.0	MD5: [15e8abc06843672955ce26a009533bad]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 122584    BYTES	FileVersion: 0.1.7.0	MD5: [8a50d5304e6ae48664cf5838ec32f647]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 91352     BYTES	FileVersion: 1.0.4.0	MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   1
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
	DisplayName                   REG_SZ		@%SystemRoot%\system32\bfe.dll,-1001
	Group                         REG_SZ		NetworkProvider
	ImagePath                     REG_EXPAND_SZ	%systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
	Description                   REG_SZ		@%SystemRoot%\system32\bfe.dll,-1002
	ObjectName                    REG_SZ		NT AUTHORITY\LocalService
	ErrorControl                  REG_DWORD		1
	Start                         REG_DWORD		2
	Type                          REG_DWORD		32
	DependOnService               REG_MULTI_SZ	RpcSs

	ServiceSidType                REG_DWORD		3
	RequiredPrivileges            REG_MULTI_SZ	SeAuditPrivilege

	FailureActions                REG_BINARY	Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
	ServiceDll                    REG_EXPAND_SZ	%SystemRoot%\System32\bfe.dll
	ServiceDllUnloadOnStop        REG_DWORD		1
	ServiceMain                   REG_SZ		BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
	AttachWhenLoaded              REG_DWORD		1
	DisplayName                   REG_SZ		@%SystemRoot%\system32\drivers\fltmgr.sys,-10001
	Group                         REG_SZ		FSFilter Infrastructure
	ImagePath                     REG_EXPAND_SZ	system32\drivers\fltmgr.sys
	Description                   REG_SZ		@%SystemRoot%\system32\drivers\fltmgr.sys,-10000
	ErrorControl                  REG_DWORD		3
	Start                         REG_DWORD		0
	Tag                           REG_DWORD		1
	Type                          REG_DWORD		2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
	0                             REG_SZ		Root\LEGACY_FLTMGR\0000
	Count                         REG_DWORD		1
	NextInstance                  REG_DWORD		1


C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES	FileVersion: 6.1.7601.17514	MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\comctl32.ocx
File Size: 608448    BYTES	FileVersion: 6.0.81.5	MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES	FileVersion: 6.1.98.39	MD5: [766f501b61c22723536af696a74133d4]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES	FileVersion: 6.1.7601.17514	MD5: [703ffd301ab900b047337c5d40fd6f96]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Complete:                                         833000 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       0 
    Duration_Heuristics:                                       1012000 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          133000 
    Duration_Registry:                                         49000 
    Duration_Sector:                                           0 
    Duration_Startup:                                          66000 
    ItemCount_Complete:                                        254153 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      45148 
    ItemCount_Heuristics:                                      20179 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        630 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         2075 
    LastScanDateEpoch:                                         1413223096886 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2014-10-13T17:58:15 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    1 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2014/10/27 17:56:49 
  Activation Time:                                             2014/10/13 17:56:49 
  Trial Used:                                                  true 
--------------Access Policies:--------------

Scheduler Queue:
================

tasks: 
    6a8d4f92-db7e-4329-92e8-bb785157dab5:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        TaskType:                                              3 
      triggers:                                                 
        8e202ff1-03b3-46d7-a842-1b5636fac966:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Mon, 13 Oct 2014 14:00:45.256717 -0400 
          lasttriggered:                                       Mon, 13 Oct 2014 14:00:45.256717 -0400 
          nextscheduled:                                       Mon, 13 Oct 2014 15:03:06.256717 -0400 
          recovery:                                            00:00:00 
          start:                                               Mon, 13 Oct 2014 14:13:59.236384 -0400 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                8e202ff1-03b3-46d7-a842-1b5636fac966 
      type:                                                    update 
      uuid:                                                    6a8d4f92-db7e-4329-92e8-bb785157dab5 
    780c03d3-15c8-4ebc-b8ef-1e105ff102c7:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        a65fe071-2290-4df7-b10b-98c5acd8659a:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Tue, 14 Oct 2014 03:53:31 -0400 
          recovery:                                            23:00:00 
          start:                                               Tue, 14 Oct 2014 03:46:29 -0400 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                a65fe071-2290-4df7-b10b-98c5acd8659a 
      type:                                                    scan 
      uuid:                                                    780c03d3-15c8-4ebc-b8ef-1e105ff102c7 

Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
	PendingFileRenameOperations	REG_MULTI_SZ	\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old



MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
	Type                          REG_DWORD		2
	Start                         REG_DWORD		3
	ErrorControl                  REG_DWORD		1
	ImagePath                     REG_EXPAND_SZ	\??\C:\Windows\system32\drivers\mbam.sys
	Group                         REG_SZ		FSFilter Anti-Virus
	DependOnService               REG_MULTI_SZ	FltMgr

	WOW64                         REG_DWORD		1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
	DefaultInstance               REG_SZ		MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
	Altitude                      REG_SZ		328800
	Flags                         REG_DWORD		0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
	PassThruFile                  REG_SZ		mbampt.exe
	ProductPath                   REG_SZ		C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
	0                             REG_SZ		Root\LEGACY_MBAMPROTECTOR\0000
	Count                         REG_DWORD		1
	NextInstance                  REG_DWORD		1

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
	Type                          REG_DWORD		16
	Start                         REG_DWORD		2
	ErrorControl                  REG_DWORD		1
	ImagePath                     REG_EXPAND_SZ	"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
	DependOnService               REG_MULTI_SZ	MBAMProtector

	WOW64                         REG_DWORD		1
	ObjectName                    REG_SZ		LocalSystem
	Description                   REG_SZ		Malwarebytes Anti-Malware service
	DelayedAutostart              REG_DWORD		0

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
	Type                          REG_DWORD		16
	Start                         REG_DWORD		2
	ErrorControl                  REG_DWORD		1
	ImagePath                     REG_EXPAND_SZ	"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
	WOW64                         REG_DWORD		1
	ObjectName                    REG_SZ		LocalSystem
	Description                   REG_SZ		Malwarebytes Anti-Malware scheduler

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
	ProxyOverride	REG_SZ		<local>;*.local

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
	SystemPartition	REG_SZ		\Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
		h:mm:ss tt
		AM 
		PM 
		:

Currently:
REG_SZ		h:mm:ss tt
REG_SZ		AM
REG_SZ		PM
REG_SZ		:

Language and Regional Settings:
===============================

ACP: 	Language is English (United States)
MACCP: 	Language is English (United States)
OEMCP: 	Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================
















List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                  	File Size: 920888    BYTES	FileVersion:  9.20.0.0       MD5: [9f522b2708cab181c0f137abbcd1de2e]

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: Folder, Location: C:\Users\Ash\AppData\Roaming\newnext.me\cache
Vendor: Spyware.Zbot.ED, Date: 2014/10/13 17:59:33, Type: File, Location: C:\ProgramData\Windows Genuine Advantage\{3B453477-BC36-42D2-86D8-DF4E0E40757F}\msiexec.exe
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: Folder, Location: C:\Users\Ash\AppData\Roaming\newnext.me
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Program Files (x86)\Mobogenie\nengine.dll
Vendor: Trojan.MalPack.BunZmot, Date: 2014/10/13 17:59:33, Type: File, Location: C:\ProgramData\Windows Genuine Advantage\{27FFE3F5-779B-441C-A97F-65740729C5EA}\msiexec.exe
Vendor: Windows.Tool.Disabled, Date: 2014/10/13 17:59:33, Type: Registry Value, Location: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Roaming\newnext.me\nengine.cookie
Vendor: PUP.Optional.InstallCore.A, Date: 2014/10/13 17:59:33, Type: Registry Key, Location: HKU\S-1-5-21-2911839999-2061350444-2249455251-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S
Vendor: PUP.Optional.InstallCore.A, Date: 2014/10/13 17:59:33, Type: Registry Key, Location: HKU\S-1-5-21-2911839999-2061350444-2249455251-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Local\Temp\is1233253943\13891348_stp\Mobogenie_Setup_UN.exe
Vendor: Spyware.Zbot.ED, Date: 2014/10/13 17:59:33, Type: File, Location: C:\ProgramData\Windows Genuine Advantage\{51EC10C7-D6EA-49D5-9E1E-1470343A74D7}\msiexec.exe
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Roaming\newnext.me\cache\spark.bin
Vendor: Spyware.Zbot.ED, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Local\Osics\msiexec.exe
Vendor: PUP.Optional.Installcore, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Local\Temp\is1233253943\13891036_stp\HomePageDLL.dll
Vendor: Spyware.Zbot.ED, Date: 2014/10/13 17:59:33, Type: Registry Value, Location: HKU\S-1-5-21-2911839999-2061350444-2249455251-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Osics
Vendor: PUP.Optional.InstallCore.A, Date: 2014/10/13 17:59:33, Type: Registry Value, Location: HKU\S-1-5-21-2911839999-2061350444-2249455251-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb
Vendor: PUP.Optional.JumpFlip.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Local\Temp\is1233253943\13891170_stp\JumpFlipSetup.exe
Vendor: PUP.Optional.Amonetize, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\Downloads\FlashPlayersetup__3720_i1208494481_il3318.exe
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Local\genienext\nengine.dll
Vendor: PUP.Optional.NextLive.A, Date: 2014/10/13 17:59:33, Type: File, Location: C:\Users\Ash\AppData\Roaming\newnext.me\nengine.dll
Vendor: Windows.Tool.Disabled, Date: 2014/10/13 17:59:33, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig
===============================================================
END OF FILE


#4 ashthebrit3

Posted 13 October 2014 - 02:07 PM

# AdwCleaner v4.000 - Report created 13/10/2014 at 15:02:56
# DB v2014-10-13.5
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ash - ASH-PC
# Running from : C:\Users\Ash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1OJ55N0\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\FileAssociationManager
Folder Deleted : C:\Users\Ash\AppData\Roaming\FileAssociationManager
Folder Deleted : C:\Users\Ash\AppData\Local\genienext
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Ash\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Ash\Documents\Optimizer Pro
File Deleted : C:\Users\Ash\daemonprocess.txt

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

*************************

AdwCleaner[R0].txt - [1805 octets] - [13/10/2014 14:59:29]
AdwCleaner[S0].txt - [1753 octets] - [13/10/2014 15:02:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1813 octets] ##########



#5 ashthebrit3

Posted 14 October 2014 - 07:21 AM

C:\Users\Ash\AppData\Local\Adobe\vwfvvsagb.dll a variant of Win32/Kryptik.CLKM trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Ash\AppData\Local\Osics\ASMofst216A.dll a variant of Win32/Packed.Themida potentially unwanted application deleted (after the next restart) - quarantined
C:\Users\Ash\AppData\Local\Temp\rtisirx.dll a variant of Win32/Kryptik.CLKM trojan cleaned by deleting - quarantined
C:\Users\Ash\AppData\Local\Temp\tkwdxgb.dll Win32/TrojanDownloader.Tracur.AL trojan cleaned by deleting - quarantined
C:\Users\Ash\AppData\Local\Temp\is-IUA41.tmp\OptProCrash.dll a variant of Win32/SProtector.E potentially unwanted application deleted - quarantined
C:\Users\Ash\AppData\Local\Temp\is1233253943\13891287_stp\OptimizerPro.exe a variant of Win32/AdWare.SpeedingUpMyPC.E application cleaned by deleting - quarantined
C:\Users\Ash\AppData\Local\YnhPack\qqnmuhdzmuvj.dll a variant of Win32/Packed.Themida potentially unwanted application deleted (after the next restart) - quarantined
Operating memory multiple threats 
 


Those are the three pieces of information you asked for, in order. Thank you.



#6 dc3

Posted 14 October 2014 - 09:31 AM

Did you restart the computer after running these scans?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 ashthebrit3

Posted 14 October 2014 - 09:33 AM

The first two I did but not the EXM Scan.



#8 ashthebrit3

Posted 14 October 2014 - 09:42 AM

Okay, I restarted my computer just now. The Google Chrome process seems to be gone for the moment. When my PC started up, however, on the main screen it came up with two errors, both coming from AppData. Don't know if that means anything to you.

 

Thanks



#9 dc3

Posted 14 October 2014 - 09:56 AM

In the instructions for Malwarebytes, step 5 instructs you to click on Yes when you are asked if you want to restart the computer. Did you?




#10 ashthebrit3

Posted 14 October 2014 - 09:57 AM

Yes, I did.





