
Help with a few viruses!


15 replies to this topic

#1 KyserSozae

  • Members
  • 10 posts
  • Gender:Male
  • Location:New York

Posted 21 October 2014 - 09:26 AM

Hello, I recently noticed on my girlfriend's laptop that she has some malware. Her laptop is running extremely slow. I'm seeing the fff5ee.com website being blocked via the Malwarebytes program. I saw the Fake App Attack a few times, I see in Norton that there's a Trojan infecting her laptop called Trojan.AdClicker.Activity and f0fff0.com. I also see that there are attempts being made from IP 95.215.1.57 to intrude. I've tried now for about 18 hours to disinfect her laptop on my own as well as through some posts here on our Forums, but I've been unsuccessful, so I'd really appreciate any help.

 

Her laptop is running Windows 7. I have installed Norton 360, AVG Antivirus, CCleaner and Malware adware removal.

 

Thank you in advance for your help!

 

~Kyser 


Edited by Queen-Evie, 21 October 2014 - 11:18 AM.
moved from Windows 7 to the appropriate forum




#2 syrius01

  • Banned Spammer
  • 25 posts

Posted 21 October 2014 - 12:16 PM

Hi KyserSozae,

 

Give a try to Malwarebytes Anti-Malware available at https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

 

If you see that the system is still infected, you might want to do a system restore to a date when the computer was virus/spyware free.



#3 KyserSozae
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:New York

Posted 21 October 2014 - 01:12 PM

Thank you for your response, but that's something I've already tried. Malwarebytes detected nothing during a scan, yet it keeps blocking the programs. Norton detected it also, but when I run a scan, it shows that my system is clean. False positive.



#4 samsonbiatch

  • Members
  • 7 posts

Posted 21 October 2014 - 02:50 PM

Try running RKILL first to kill any known viruses from running: 

http://www.bleepingcomputer.com/download/rkill/dl/10/

 

Then try running MalwareBytes again or try AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

 

You can block that IP address in your router's firewall if it has the capability.


Edited by samsonbiatch, 21 October 2014 - 02:50 PM.


#5 KyserSozae
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:New York

Posted 21 October 2014 - 05:25 PM

Ran RKILL, found no malware, and as I ran RKILL, Norton 360 detected 2 more Trojans: Trojan.Adclicker and Trojan.Powerlik. IDK why I cannot find these viruses, but it's really getting frustrating.

 

I know I can block the IP address, but I want to stop the root cause of the attempts because this shouldn't even be happening. 

Thanks for at least trying to help, samsonbiatch. I appreciate it.

 

~Kyser



#6 samsonbiatch

  • Members
  • 7 posts

Posted 21 October 2014 - 06:46 PM

Give AdwCleaner a try. It's very good. RKILL is hit or miss.

Does Norton quarantine the virus? Give its location?

#7 KyserSozae
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:New York

Posted 22 October 2014 - 04:39 AM

I've also tried AdwCleaner, no luck there either. Norton does not quarantine it at all. I think this is an outbound type attack, which I'm not too familiar with. Norton tells me that "An intrusion attempt by localhost was blocked" and lists this as 'High' severity. Under 'Recommended Actions' it says "No Action Required", but in the IPS Alert Name it says "System Infected; Trojan.Powelik.Activity". It's the exact same thing with the Trojan.AdClicker Activity. Although this intrusion attempt is made from 95.215.1.57, 80.

 

Malwarebytes keeps blocking all these outbound websites, xmlka.com, searchnet.blinkxcore.com, fff5ee.com and 95.215.1.57.

 

Again, these blocks are all Outbound types. Malwarebytes lists the process, but when I go into Task Manager, they're nowhere to be found. 

 

Is there someone who can help me clean my system if I post all the logs?



#8 samsonbiatch

  • Members
  • 7 posts

Posted 22 October 2014 - 12:24 PM

Try downloading Process Explorer, it can help identify which process is triggering the trojan activity:

 

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



#9 dc3

    Bleeping Treehugger

  • Members
  • 30,406 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 22 October 2014 - 12:51 PM

Please run the following scans in the order they are requested.

 

Please download and run RKill
 
RKill is an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. These settings will remain until the computer is rebooted; for this reason you must run the security application before the computer is rebooted.
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
[image: RKill console screen]
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications listed below.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 
 
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
[image: Malwarebytes first-run window]
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan.
 
[image: Malwarebytes main window]
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
[image: Malwarebytes update prompt]
 
3)  The scan will automatically run now.
 
[image: Malwarebytes scan in progress]
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions.
 
[image: Malwarebytes scan results]
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes.
 
[image: Malwarebytes restart prompt]
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
[image: TDSSKiller main window]
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
[image: TDSSKiller parameters dialog]
 
3.  Click Start Scan and allow the scan process to run.
 
[image: TDSSKiller scan in progress]
 
4.  If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
[image: TDSSKiller scan results]
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

 

 

 

 

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
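Since dc3 asks for the Malwarebytes log and KyserSozae posts one below in the Malwarebytes Anti-Malware 2.x format, here is an added example (not code from Malwarebytes, BleepingComputer, or anyone in this thread) that triages that format: it parses each detection section, checks that the declared count of a section matches the entries listed under it, flags detections sitting in Run/RunOnce autostart locations (the persistence that brings a PUP back after a reboot), and groups artifacts that share one bracketed id. The embedded sample is a trimmed copy of the log posted in this thread; the function names and the assumption that the bracketed 32-hex value is a per-detection id linking related artifacts are mine, not Malwarebytes'.

```python
"""Triage a Malwarebytes Anti-Malware 2.x scan log.  Added example for this
thread; not code from Malwarebytes, BleepingComputer, or any poster."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Detection sections in the order MBAM 2.x prints them (as in the posted log).
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(" + "|".join(map(re.escape, SECTIONS)) + r"): (\d+)$")
ID_RE = re.compile(r"^\[([0-9a-f]{32})\]$")  # bracketed id ending each entry
# Run/RunOnce autostart keys: a detection there comes back after a reboot.
AUTORUN_RE = re.compile(r"\\CURRENTVERSION\\RUN(ONCE)?(\||\\|$)", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    threat: str     # e.g. PUP.Optional.SearchProtection.A
    location: str   # file path, registry key, or key|value
    details: tuple  # PID for a process, value data for a registry value, ...
    det_id: str     # ASSUMPTION: the bracketed 32-hex value is a per-detection id


def parse_mbam_log(text):
    """Return (header dict, [Detection]); ValueError if a section's declared
    count disagrees with the entries actually listed under it."""
    header, detections = {}, []
    section, declared, seen = None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(No malicious items detected)", "(end)"):
            continue
        m = SECTION_RE.match(line)
        if m:
            if section is not None and seen != declared:
                raise ValueError(f"{section}: declared {declared}, listed {seen}")
            section, declared, seen = m.group(1), int(m.group(2)), 0
            continue
        if section is None:             # header lines such as "Scan Date: 10/28/2014"
            if ": " in line:
                key, value = line.split(": ", 1)
                header[key] = value
            continue
        # Entry: threat, location, extra fields, [id].  ASSUMPTION: no ", " in a location.
        fields = [f.strip() for f in re.split(r",\s*", line)]
        if len(fields) < 2:
            raise ValueError(f"malformed entry under {section}: {line!r}")
        det_id, details = "", []
        for f in fields[2:]:
            m_id = ID_RE.match(f)
            if m_id:
                det_id = m_id.group(1)
            elif f:
                details.append(f)
        detections.append(Detection(section, fields[0], fields[1], tuple(details), det_id))
        seen += 1
    if section is not None and seen != declared:
        raise ValueError(f"{section}: declared {declared}, listed {seen}")
    return header, detections


def persistence_entries(detections):
    """Detections sitting in a Run/RunOnce autostart location."""
    return [d for d in detections if AUTORUN_RE.search(d.location)]


def group_by_id(detections):
    """Artifacts sharing one id: in the posted log the running process, its Run
    value and its file on disk carry the same id, i.e. they are one infection."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.det_id].append(d)
    return dict(groups)


# Trimmed copy of the scan log posted in this thread (sections with no hits dropped).
SAMPLE_LOG = r"""Scan Date: 10/28/2014
Result: Completed

Processes: 1
PUP.Optional.SearchProtection.A, C:\ProgramData\Search Protection\SearchProtection.exe, 2344, , [b3601307f58762d4fe3bcf8d9f64c13f]

Registry Keys: 2
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [e92a1cfe6e0e979ff4febbf1b84a817f], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [e92a1cfe6e0e979ff4febbf1b84a817f], 

Registry Values: 1
PUP.Optional.SearchProtection.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Search Protection, C:\ProgramData\Search Protection\SearchProtection.exe, , [b3601307f58762d4fe3bcf8d9f64c13f]

Files: 2
PUP.Optional.DownloadAdmin, C:\Users\Jen\Downloads\multiplyroi_activex-download-control.exe, , [6aa967b3364673c393d3005850b0cb35], 
PUP.Optional.SearchProtection.A, C:\ProgramData\Search Protection\SearchProtection.exe, , [b3601307f58762d4fe3bcf8d9f64c13f], 
(end)
"""

if __name__ == "__main__":
    header, dets = parse_mbam_log(SAMPLE_LOG)
    print(f"scan of {header['Scan Date']}: {len(dets)} detections")
    for d in persistence_entries(dets):
        print("persists via:", d.location, "->", d.details)
    for det_id, group in group_by_id(dets).items():
        if len(group) > 1:
            print(det_id, "links:", ", ".join(f"{d.section}: {d.location}" for d in group))
```

Run on the posted log, the grouping shows that the Search Protection process, its Run value and the file under C:\ProgramData are one item, and the Run value is the reason it reappears after a reboot; the count check catches a log that was truncated or pasted incompletely, which is worth knowing before acting on it.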

 

 

 

 


#10 KyserSozae
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:New York

Posted 28 October 2014 - 12:29 PM

Hello and thank you, Arachibutyrophobia. ESET is scanning now, it's almost 2 hours in. Here are my logs thus far:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 10/28/2014
Scan Time: 10:31:36 AM
Logfile: malwaredetected.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.28.03
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jen
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317511
Time Elapsed: 25 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SearchProtection.A, C:\ProgramData\Search Protection\SearchProtection.exe, 2344, , [b3601307f58762d4fe3bcf8d9f64c13f]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [e92a1cfe6e0e979ff4febbf1b84a817f], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [e92a1cfe6e0e979ff4febbf1b84a817f], 
 
Registry Values: 1
PUP.Optional.SearchProtection.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Search Protection, C:\ProgramData\Search Protection\SearchProtection.exe, , [b3601307f58762d4fe3bcf8d9f64c13f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.DownloadAdmin, C:\Users\Jen\Downloads\multiplyroi_activex-download-control (1).exe, , [f0231406067634029acc8bcd60a06997], 
PUP.Optional.DownloadAdmin, C:\Users\Jen\Downloads\multiplyroi_activex-download-control.exe, , [6aa967b3364673c393d3005850b0cb35], 
PUP.Optional.SearchProtection.A, C:\ProgramData\Search Protection\SearchProtection.exe, , [b3601307f58762d4fe3bcf8d9f64c13f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/28/2014 09:11:45 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 1644) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/28/2014 09:14:24 AM
Execution time: 0 hours(s), 2 minute(s), and 39 seconds(s)

mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0 
Malwarebytes Anti-Malware:         2.0.3.1025
Installed On:                      2014/10/28
Malware Database:                  0000.00.00.00
Rootkit Database:                  0000.00.00.00
Remediation Database:              0000.00.00.00
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/10/28 11:06:47
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size:     25816 BYTES FileVersion: 0.1.15.0 MD5: [5c3669b71657f22e67a1d4bd49d2cbe7]
C:\Windows\system32\drivers\mwac.sys
File Size:     63704 BYTES FileVersion: 1.0.6.0 MD5: [95ef63a7827d4e3a229cbbcb42619e93]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size:    129752 BYTES FileVersion: 0.2.13.0 MD5: [26c43960c99ee861a5d0edc4dcf3b1c3]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size:     93400 BYTES FileVersion: 1.1.4.0 MD5: [d3311b31c470e7681b14d9b014cbf9ed]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
{8c300c03-7d30-1b44-8a83-dcc8c09cfa85}REG_BINARY Binary Data
 
{e88282c2-f90f-ef54-1a60-13cbe22eceaa}REG_BINARY Binary Data
 
{e1739739-ee27-4492-b61b-b1fd907d9e88}REG_BINARY Binary Data
 
{0f14dd31-cf58-4fab-9127-e085c7547d7a}REG_BINARY Binary Data
 
{034c737b-f629-a1b4-6afb-1a2f44a1a1d7}REG_BINARY Binary Data
 
{cfb4c757-0bff-94e4-7801-a2b2f62f35ce}REG_BINARY Binary Data
 
{47a3a498-021c-7304-b85a-6bb5e43ade96}REG_BINARY Binary Data
 
{5bb9675e-0064-2cb4-d89d-bcd4e20e11c8}REG_BINARY Binary Data
 
{ca70ae30-59e8-46ef-b483-c22ee366ab29}REG_BINARY Binary Data
 
{b18f04c9-f2e9-4d39-9510-b9265a6b071d}REG_BINARY Binary Data
 
{430f2767-3528-2784-289e-b0860d99a608}REG_BINARY Binary Data
 
{a06ae492-b0c1-1f94-caa4-bb9b226ca22d}REG_BINARY Binary Data
 
{c540d974-3c6c-be64-5bff-3db65b322a1d}REG_BINARY Binary Data
 
{3e3f092e-1288-a8c4-28bf-2b4ef96df312}REG_BINARY Binary Data
 
{e20f0605-5735-38d4-6aea-19d1b15c7868}REG_BINARY Binary Data
 
{2dc4271a-246e-a1a4-3a70-4c8f14fd7ba0}REG_BINARY Binary Data
 
{638ffdf7-a3ff-66c4-7b65-4f406b0da651}REG_BINARY Binary Data
 
{f9bc3444-96d0-0ca4-8920-5425ed611a9e}REG_BINARY Binary Data
 
{0ff1f959-c0d4-3ca4-a8a5-cb469d318b39}REG_BINARY Binary Data
 
{1dd94704-a218-0d34-18d3-1ba50d201728}REG_BINARY Binary Data
 
{39f29298-8fa5-0144-fab3-bcd9ad227c3b}REG_BINARY Binary Data
 
{f154d790-c121-3a84-7824-f7ff97bea29e}REG_BINARY Binary Data
 
{a708428d-50f4-9d44-aa15-fd48988b7d66}REG_BINARY Binary Data
 
{98b0b712-aa06-f734-0bec-c14f445161c4}REG_BINARY Binary Data
 
{70e10304-e806-1af4-4a65-791688215398}REG_BINARY Binary Data
 
{fb588d62-f991-4044-bba6-5e96cf3939df}REG_BINARY Binary Data
 
{64f39050-d77f-7a74-8a07-2a7c2dd7802d}REG_BINARY Binary Data
 
{e69be8e1-869d-0e34-99f6-f82ea91df33d}REG_BINARY Binary Data
 
{dcae098a-dff1-ffe4-9b22-0bb2738885db}REG_BINARY Binary Data
 
{113ba551-0a01-aa84-1944-25df351f74ab}REG_BINARY Binary Data
 
{ef11fc1e-9d20-ff14-3b74-55b7e55eeb97}REG_BINARY Binary Data
 
{b457115e-0fc4-89f4-2b7d-85e7d94efcaa}REG_BINARY Binary Data
 
{2265f512-4d6b-8484-fbf8-7d6ec7579b67}REG_BINARY Binary Data
 
{1b0fa1a4-5e46-8cc4-18c0-f5ff3dd69546}REG_BINARY Binary Data
 
{d663476c-94a3-c5e4-db44-7aa6c8fabd83}REG_BINARY Binary Data
 
{d4de1868-54d9-b4e4-ab30-b9c378cb4b18}REG_BINARY Binary Data
 
{c8e26ddd-a426-73e4-b848-a5c31a087eca}REG_BINARY Binary Data
 
{f67c8b29-2d24-0a74-fbd7-a5cbbe16f710}REG_BINARY Binary Data
 
{fbe3d017-fb99-8c14-aad9-631321b22614}REG_BINARY Binary Data
 
{b47f0b6a-3185-6434-c8b0-e1e69c18eb94}REG_BINARY Binary Data
 
{68487fdc-3301-cef4-ea7a-583c54b3069c}REG_BINARY Binary Data
 
{21e3a753-0ccf-f284-abd6-7221adbd9311}REG_BINARY Binary Data
 
{ffb717c4-ecc7-8b14-3978-dca6602db705}REG_BINARY Binary Data
 
{c40bc20f-87a8-8e24-e824-38f14fb83d7e}REG_BINARY Binary Data
 
{9cd26f24-b76d-2e14-ca19-d17d552bb424}REG_BINARY Binary Data
 
{3bbaa68c-b062-66a4-8a85-648680f757ca}REG_BINARY Binary Data
 
{cd1b16b0-cc00-0be4-79f2-7b4ae69a2037}REG_BINARY Binary Data
 
{511094b4-6ffd-e2e4-0bcf-9794e77d95ae}REG_BINARY Binary Data
 
{dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data
 
{0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data
 
{12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data
 
{c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data
 
{0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data
 
{074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data
 
{c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data
 
{a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data
 
{0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data
 
{2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data
 
{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data
 
{c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data
 
{935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data
 
{941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
{288d1fdb-0317-7e44-cb75-83debf2aebf5}REG_BINARY Binary Data
 
{43ebc567-3739-d724-e89c-cd57f7f662be}REG_BINARY Binary Data
 
{e07dc617-78d7-4317-8d98-1de4a06a7447}REG_BINARY Binary Data
 
{fa50a7a7-58aa-48cc-b795-039f0519e05d}REG_BINARY Binary Data
 
{83b672f1-37df-f3d4-c8be-2d0ed09451ed}REG_BINARY Binary Data
 
{1938590a-37c1-4754-e9ee-c9198f101b57}REG_BINARY Binary Data
 
{63ceb950-c8c2-62c4-197a-70815d052de9}REG_BINARY Binary Data
 
{7f44d536-a1d5-04b4-5821-f9d3f05e7b77}REG_BINARY Binary Data
 
{0c1ac9f9-08e1-4a93-b969-f2cc78ab71da}REG_BINARY Binary Data
 
{ba7a59eb-6441-4b0a-8867-5e8b896c2786}REG_BINARY Binary Data
 
{822c8b33-e507-cad4-ab50-e06d74102386}REG_BINARY Binary Data
 
{ce939e38-be51-53f4-d98e-c7905ea7af84}REG_BINARY Binary Data
 
{b787f560-894f-8db4-1bd5-ea38d2f4006a}REG_BINARY Binary Data
 
{5040b65d-0ecd-5fc4-99ee-7bccd3941b13}REG_BINARY Binary Data
 
{e53d1460-4afc-e1e4-8a2e-e210cc564688}REG_BINARY Binary Data
 
{2e971130-3bf4-ea64-9ab5-cb9c3a0cad57}REG_BINARY Binary Data
 
{bff0c14d-5646-7644-3a01-f0344e4cb231}REG_BINARY Binary Data
 
{3ce1de5f-d7ef-e064-1991-abe3beefda33}REG_BINARY Binary Data
 
{d384de9c-320b-7564-788b-7e17bd4f3e06}REG_BINARY Binary Data
 
{b6fe0628-75e9-41d4-c85b-106b79a9605c}REG_BINARY Binary Data
 
{6db2047b-4844-4a34-c9f7-612acd816b15}REG_BINARY Binary Data
 
{7dbcb70a-fa99-76c4-2bb7-44e9545c290b}REG_BINARY Binary Data
 
{f0888ff5-e13d-e844-1b13-64f885451c9e}REG_BINARY Binary Data
 
{1e6f2082-dc1c-e774-9889-d77bc276de17}REG_BINARY Binary Data
 
{34392ca1-05dd-d324-d886-a1db63fd0a1c}REG_BINARY Binary Data
 
{2c8aea04-7f81-44e4-380a-4f1f1fd3ec8b}REG_BINARY Binary Data
 
{4d6ff4f5-33fc-04a4-5a43-580d83238c1f}REG_BINARY Binary Data
 
{056d0c54-b875-6b54-3b6b-85fb20ef945b}REG_BINARY Binary Data
 
{d9bf7a23-80e2-16f4-4916-10b6881da7f4}REG_BINARY Binary Data
 
{3b15de27-387f-0b04-b8fd-9cfec1fc2b53}REG_BINARY Binary Data
 
{ff60487c-9b38-8b74-eaad-a723fe2920f3}REG_BINARY Binary Data
 
{e113abe3-c2c2-e7d4-981a-1d81cef728cd}REG_BINARY Binary Data
 
{f9c69fee-fab9-4d14-7bf0-4150924172c3}REG_BINARY Binary Data
 
{013bfb29-c999-4f74-e91a-163592356489}REG_BINARY Binary Data
 
{a1f52b10-d3a0-5584-db3f-4fbff5ee691e}REG_BINARY Binary Data
 
{a66e372d-6ad2-32b4-fa7a-9e5406a06efb}REG_BINARY Binary Data
 
{25452abe-22c4-46e4-4b43-4e63c44ff052}REG_BINARY Binary Data
 
{d2186677-8f09-80c4-9a3c-fb95a7cafe47}REG_BINARY Binary Data
 
{13d22885-8869-6194-8a68-eabf78dc7b1d}REG_BINARY Binary Data
 
{85d443eb-d02f-35b4-09b6-17a55933e9a9}REG_BINARY Binary Data
 
{468aa82e-7c0b-3484-f976-c96cac54f548}REG_BINARY Binary Data
 
{d7167dab-073c-70f4-eaa7-27a7f9058100}REG_BINARY Binary Data
 
{aa75c41d-0567-9754-fbb4-98314d2e1025}REG_BINARY Binary Data
 
{72d8a0b2-f9e8-3a14-5947-53b26053e2cc}REG_BINARY Binary Data
 
{1e83b45d-73c2-3c74-69ca-ca49a21a9471}REG_BINARY Binary Data
 
{124cd831-d190-26d4-1912-9d66a2f87850}REG_BINARY Binary Data
 
{f4965f1d-9b1d-c1b4-a9bf-7f14d9558673}REG_BINARY Binary Data
 
{d9fbf698-6e04-4044-e834-05a80e2c7216}REG_BINARY Binary Data
 
{3c565f9a-e9d1-52d4-280a-204519ae9b74}REG_BINARY Binary Data
 
{cae4853d-d48a-5094-9998-a654d8a1f201}REG_BINARY Binary Data
 
{c195d6cb-28ba-0244-f9ea-d52c30774a2f}REG_BINARY Binary Data
 
{945df99a-f3cd-63b4-1925-816ce9429e3b}REG_BINARY Binary Data
 
{323a84ef-da67-4c44-3940-200827d6c044}REG_BINARY Binary Data
 
{379a9aa8-6286-9274-6a9a-1b9f9fef5ea2}REG_BINARY Binary Data
 
{3162ae5d-fd53-7894-badc-9910318def3f}REG_BINARY Binary Data
 
{83ad9a09-ff8f-4a54-d99a-cec7b98984ff}REG_BINARY Binary Data
 
{2de5159c-7a8e-f814-58c2-236f884dbb18}REG_BINARY Binary Data
 
{539b7c6d-8ad7-ea54-cbba-f028c6a88719}REG_BINARY Binary Data
 
{6329feaf-fae0-51e4-aba7-9107bc00d060}REG_BINARY Binary Data
 
{b99aa75f-8721-98a4-e952-f03e1e644994}REG_BINARY Binary Data
 
{a49c4ab8-c054-9914-2b9c-7d0ae48d8505}REG_BINARY Binary Data
 
{7df4b338-f782-f0f4-9bed-e9b45deb580e}REG_BINARY Binary Data
 
{f319fd16-192f-13a4-ea06-180e16c755f9}REG_BINARY Binary Data
 
{3cc23cb2-30bd-6674-3bf9-81d622fde73d}REG_BINARY Binary Data
 
{4053bd41-f27e-8bc4-39d8-4420fc25b014}REG_BINARY Binary Data
 
{92517201-7702-8bf4-dbea-9fdfe8a32410}REG_BINARY Binary Data
 
{1d0f6316-1e62-7cb4-b908-aebc52d7af48}REG_BINARY Binary Data
 
{c28099d7-7ef3-3f64-785c-9e82ff2678a9}REG_BINARY Binary Data
 
{9a81b08a-d239-9f14-ea63-fa043703c04b}REG_BINARY Binary Data
 
{a739d627-00a3-9634-ebf2-0b0c7977fea1}REG_BINARY Binary Data
 
{bd54f486-7316-ae84-bad6-efec4ca12d63}REG_BINARY Binary Data
 
{9d16cb2a-7eb4-db64-5980-d989275b5c6a}REG_BINARY Binary Data
 
{b95281e9-0df5-3664-289a-2cda6a45f97d}REG_BINARY Binary Data
 
{ca4cad28-4dd9-6034-69c5-d5362f3cc1cb}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
{8c300c03-7d30-1b44-8a83-dcc8c09cfa85}REG_BINARY Binary Data
 
{e311ae9f-e0fb-7f04-7b55-8a257506650f}REG_BINARY Binary Data
 
{e88282c2-f90f-ef54-1a60-13cbe22eceaa}REG_BINARY Binary Data
 
{4ef2b2de-4b97-0234-3bbf-eaa6719814d6}REG_BINARY Binary Data
 
{e1739739-ee27-4492-b61b-b1fd907d9e88}REG_BINARY Binary Data
 
{e7609227-f261-4b39-a7f5-64e338ade472}REG_BINARY Binary Data
 
{0f14dd31-cf58-4fab-9127-e085c7547d7a}REG_BINARY Binary Data
 
{f3009b7d-992b-4cce-b65a-2792465c6ea4}REG_BINARY Binary Data
 
{034c737b-f629-a1b4-6afb-1a2f44a1a1d7}REG_BINARY Binary Data
 
{dcbbcd6b-37fe-0914-2b3e-a5a15ed83c24}REG_BINARY Binary Data
 
{cfb4c757-0bff-94e4-7801-a2b2f62f35ce}REG_BINARY Binary Data
 
{a5f90f38-2ba6-0c84-3a97-906cc41a4860}REG_BINARY Binary Data
 
{47a3a498-021c-7304-b85a-6bb5e43ade96}REG_BINARY Binary Data
 
{3bb6a48a-db01-da24-6b94-b0890b8da96f}REG_BINARY Binary Data
 
{5bb9675e-0064-2cb4-d89d-bcd4e20e11c8}REG_BINARY Binary Data
 
{642969df-6023-55a4-384d-a00571e7a98a}REG_BINARY Binary Data
 
{ca70ae30-59e8-46ef-b483-c22ee366ab29}REG_BINARY Binary Data
 
{c91d1d66-421c-4b87-ac5b-a18193abbd64}REG_BINARY Binary Data
 
{b18f04c9-f2e9-4d39-9510-b9265a6b071d}REG_BINARY Binary Data
 
{bb623a72-5252-4284-a365-1cd0f83e55ce}REG_BINARY Binary Data
 
{430f2767-3528-2784-289e-b0860d99a608}REG_BINARY Binary Data
 
{3ba7deb2-a886-ae74-f87a-72194738a423}REG_BINARY Binary Data
 
{a06ae492-b0c1-1f94-caa4-bb9b226ca22d}REG_BINARY Binary Data
 
{11cc978e-2782-1724-79bf-9a7edca87fae}REG_BINARY Binary Data
 
{c540d974-3c6c-be64-5bff-3db65b322a1d}REG_BINARY Binary Data
 
{9de53702-392d-8044-2953-fc2bc7af47ad}REG_BINARY Binary Data
 
{3e3f092e-1288-a8c4-28bf-2b4ef96df312}REG_BINARY Binary Data
 
{d96b0bca-4c17-2b34-48b1-60566dd3e999}REG_BINARY Binary Data
 
{e20f0605-5735-38d4-6aea-19d1b15c7868}REG_BINARY Binary Data
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES FileVersion: 6.1.98.39 MD5: [766f501b61c22723536af696a74133d4]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       false 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Complete:                                         864624 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       1827 
    Duration_Heuristics:                                       599937 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          25153 
    Duration_Registry:                                         21613 
    Duration_Sector:                                           0 
    Duration_Startup:                                          28775 
    ItemCount_Complete:                                        256928 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      48782 
    ItemCount_Heuristics:                                      9414 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        602 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         1722 
    LastScanDateEpoch:                                         1414506696064 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2014-10-28T14:31:35 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2014/11/04 03:46:22 
  Activation Time:                                             2014/10/21 03:46:22 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    c9583154-00a3-4bbf-8528-13ffe0fc3eca:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        7521ca42-d480-4ae6-9174-3c23c5e31c59:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Tue, 28 Oct 2014 10:15:27.270408 -0400 
          lasttriggered:                                       Wed, 22 Oct 2014 09:15:37.313808 -0400 
          nextscheduled:                                       Tue, 28 Oct 2014 11:15:27.270408 -0400 
          recovery:                                            00:00:00 
          start:                                               Tue, 21 Oct 2014 00:15:27.270408 -0400 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                7521ca42-d480-4ae6-9174-3c23c5e31c59 
      type:                                                    update 
      uuid:                                                    c9583154-00a3-4bbf-8528-13ffe0fc3eca 
    ea1ff0d9-0282-4d78-8cd7-67c9cb576b94:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExitWhenQuarantineCompletes:                         false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        6fd08455-be18-4e8e-813d-127393a5d506:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                       Tue, 28 Oct 2014 10:31:26.070453 -0400 
          lasttriggered:                                       Tue, 28 Oct 2014 10:31:26.070453 -0400 
          nextscheduled:                                       Wed, 29 Oct 2014 03:38:04 -0400 
          recovery:                                            23:00:00 
          start:                                               Tue, 21 Oct 2014 03:25:32 -0400 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                6fd08455-be18-4e8e-813d-127393a5d506 
      type:                                                    scan 
      uuid:                                                    ea1ff0d9-0282-4d78-8cd7-67c9cb576b94 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old
 
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ *.local
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================

List of MBAM Related Directories:
=================================
 
settings.conf                           File Size: 1995      BYTES FileVersion:  N/A            MD5: [6d3e20218ce579a25f2b869df6e129c9]
statistics.conf                         File Size: 513       BYTES FileVersion:  N/A            MD5: [0dff7f56fb461c5acdeaa6dac126409f]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                               File Size: 4155      BYTES FileVersion:  N/A            MD5: [287475cbeda24d01fe8d34660bc35e1c]
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 23        BYTES FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                           File Size: 1566      BYTES FileVersion:  N/A            MD5: [29b928c33aec22293649d003ea4ef224]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 5344      BYTES FileVersion:  N/A            MD5: [973e9c5714cc0c56a7b9c83d876754dd]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                           File Size: 1725      BYTES FileVersion:  N/A            MD5: [06c52d7137dac16e1661f7cf004f2e4d]
statistics.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-10-20 (23-47-28).xml       File Size: 2494      BYTES FileVersion:  N/A            MD5: [90f1a49858cf62ff82a9f99d8bb9c9ec]
mbam-log-2014-10-21 (06-00-45).xml       File Size: 2494      BYTES FileVersion:  N/A            MD5: [27c92729979989257c77791630bdfee6]
mbam-log-2014-10-21 (14-28-17).xml       File Size: 2494      BYTES FileVersion:  N/A            MD5: [31f0a874323819cd5bcc422f6de125d5]
mbam-log-2014-10-28 (10-31-27).xml       File Size: 5674      BYTES FileVersion:  N/A            MD5: [053aba29ff9c5911b41c07fc1e98a069]
protection-log-2014-10-20.xml           File Size: 62246     BYTES FileVersion:  N/A            MD5: [a369f3527a654d0d5d057dca4e51b186]
protection-log-2014-10-21.xml           File Size: 1682249   BYTES FileVersion:  N/A            MD5: [1ae4d15abe29ebd7de6d372afc355281]
protection-log-2014-10-22.xml           File Size: 6377      BYTES FileVersion:  N/A            MD5: [f64058e23bc47717cca0184090d86b47]
protection-log-2014-10-28.xml           File Size: 3883      BYTES FileVersion:  N/A            MD5: [d9fac95a4e2e7abf340583a3c309504e]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
1666352145.data                         File Size: 745       BYTES FileVersion:  N/A            MD5: [2ac00a86e30c8a10ddb22bc79f2088ed]
1666352145.quar                         File Size: 386       BYTES FileVersion:  N/A            MD5: [061135dc798ca88ab25673d447443024]
1730926346.data                         File Size: 849       BYTES FileVersion:  N/A            MD5: [b998eb3e1c8a644ea4e9111659e915d3]
5146038155.data                         File Size: 725       BYTES FileVersion:  N/A            MD5: [666e8040d781c3c62207b3214f44e709]
5146038155.quar                         File Size: 949512    BYTES FileVersion:  N/A            MD5: [c7fdcd73173cb3a91ba5e7590f70e268]
6553383087.data                         File Size: 734       BYTES FileVersion:  N/A            MD5: [44ec66b15326b1f64fce0e5e51a15d61]
6553383087.quar                         File Size: 844256    BYTES FileVersion:  N/A            MD5: [afa541edaa38d70660a4a10d219de540]
9958284155.data                         File Size: 733       BYTES FileVersion:  N/A            MD5: [a47350b38c44a38303832edf08c71853]
9958284155.quar                         File Size: 362       BYTES FileVersion:  N/A            MD5: [ffa6e87145ba63ada1bcdcaba660c5c5]
9990582011.data                         File Size: 730       BYTES FileVersion:  N/A            MD5: [352d686439c33f8f2486476b4d9c39ad]
9990582011.quar                         File Size: 844256    BYTES FileVersion:  N/A            MD5: [afa541edaa38d70660a4a10d219de540]
 
Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE
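The listing above is long enough that eyeballing it misses things. The following is an added example, not code from the thread or from Malwarebytes, that parses rows in exactly this layout (a bare directory line, then "name  File Size: N BYTES FileVersion: V MD5: [hash]" rows) and runs the checks a responder would actually want: files sharing an MD5 (in the log above, 6553383087.quar and 9990582011.quar have the same size and hash, so the same item sits in quarantine twice), zero-length files (d41d8cd98f00b204e9800998ecf8427e is the MD5 of empty input, which is what exclusions.dat shows), a diff of the live Configuration directory against its Restore copy, and, when run on the machine itself, a re-hash of any listed file that still exists to see whether it has changed since the log was taken. The sample listing embedded below is constructed from a handful of rows in that layout; the directory constants are assumptions matching the paths in the log.

```python
import hashlib
import os
import re
from collections import defaultdict

# Constructed sample in the layout of the Malwarebytes listing posted above:
# a bare directory line, then one row per file with size, version and MD5.
# The Restore copy of settings.conf differs from the live one, scheduler.conf
# exists only in Restore, and two .quar files share a size and hash.
SAMPLE_LISTING = """\
C:\\ProgramData\\Malwarebytes\\Malwarebytes Anti-Malware
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
rules.ref                               File Size: 9973840   BYTES FileVersion:  N/A            MD5: [f6685403b9dfded38e154cd2733e50ae]

C:\\ProgramData\\Malwarebytes\\Malwarebytes Anti-Malware\\Configuration
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                           File Size: 1995      BYTES FileVersion:  N/A            MD5: [6d3e20218ce579a25f2b869df6e129c9]

C:\\ProgramData\\Malwarebytes\\Malwarebytes Anti-Malware\\Configuration\\Restore
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                           File Size: 1725      BYTES FileVersion:  N/A            MD5: [06c52d7137dac16e1661f7cf004f2e4d]

C:\\ProgramData\\Malwarebytes\\Malwarebytes Anti-Malware\\Quarantine
6553383087.quar                         File Size: 844256    BYTES FileVersion:  N/A            MD5: [afa541edaa38d70660a4a10d219de540]
9958284155.quar                         File Size: 362       BYTES FileVersion:  N/A            MD5: [ffa6e87145ba63ada1bcdcaba660c5c5]
9990582011.quar                         File Size: 844256    BYTES FileVersion:  N/A            MD5: [afa541edaa38d70660a4a10d219de540]
"""

# One file row: name (may contain spaces), decimal size, version token, 32-hex MD5.
ENTRY_RE = re.compile(
    r"^(?P<name>\S.*?)\s+File Size:\s*(?P<size>\d+)\s+BYTES\s+"
    r"FileVersion:\s*(?P<version>\S+)\s+MD5:\s*\[(?P<md5>[0-9a-fA-F]{32})\]\s*$"
)
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # hash of zero bytes: d41d8cd98f00b204e9800998ecf8427e
# Assumed directory names, matching the paths shown in the posted log.
CONF_DIR = r"C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration"
RESTORE_DIR = CONF_DIR + r"\Restore"


def parse_listing(text):
    """Turn the listing into dicts {dir, name, size, version, md5}; any line that is
    not a file row is taken as the directory header for the rows that follow it."""
    entries, current_dir = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            current_dir = line
            continue
        if current_dir is None:
            raise ValueError("file row before any directory header: %r" % line)
        entries.append({"dir": current_dir, "name": m.group("name"),
                        "size": int(m.group("size")), "version": m.group("version"),
                        "md5": m.group("md5").lower()})
    return entries


def duplicates_by_md5(entries, min_size=1024):
    """Files sharing an MD5, ignoring tiny stubs (the 4-byte .conf files legitimately
    collide). Two identical .quar blobs means the same item was quarantined twice."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] >= min_size:
            groups[e["md5"]].append(e)
    return {h: es for h, es in groups.items() if len(es) > 1}


def empty_files(entries):
    """Zero-length files, by listed size or by the well-known empty-input MD5."""
    return [e for e in entries if e["size"] == 0 or e["md5"] == EMPTY_MD5]


def compare_dirs(entries, dir_a, dir_b):
    """Diff two directories by file name and hash (e.g. live config vs. its Restore copy)."""
    a = {e["name"]: e for e in entries if e["dir"] == dir_a}
    b = {e["name"]: e for e in entries if e["dir"] == dir_b}
    common = a.keys() & b.keys()
    return {"same": sorted(n for n in common if a[n]["md5"] == b[n]["md5"]),
            "changed": sorted(n for n in common if a[n]["md5"] != b[n]["md5"]),
            "only_a": sorted(a.keys() - b.keys()),
            "only_b": sorted(b.keys() - a.keys())}


def md5_of_file(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_on_disk(entries):
    """For rows whose path exists on this machine, recompute the MD5 and return the
    paths whose current hash no longer matches the listing (changed since the log)."""
    mismatches = []
    for e in entries:
        path = os.path.join(e["dir"], e["name"])
        if os.path.isfile(path) and md5_of_file(path) != e["md5"]:
            mismatches.append(path)
    return mismatches


if __name__ == "__main__":
    rows = parse_listing(SAMPLE_LISTING)
    for h, es in duplicates_by_md5(rows).items():
        print("duplicate %s: %s" % (h, [e["name"] for e in es]))
    print("empty:", [e["name"] for e in empty_files(rows)])
    print("config vs restore:", compare_dirs(rows, CONF_DIR, RESTORE_DIR))
    print("changed on disk:", verify_on_disk(rows))
```

To use it on a real log, read the whole "check-mbam" output into `parse_listing` instead of the constructed sample; the directory headers are recognised simply as any line that does not look like a file row, which is why the double backslash in the Plugins path above parses without special handling. MD5 is used because that is what the tool prints; it is fine for spotting duplicates and unchanged files, but not for asserting that a file has not been deliberately substituted.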


#11 KyserSozae (Topic Starter)

Posted 28 October 2014 - 12:31 PM

11:19:10.0767 0x0ce4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:19:19.0267 0x0ce4  ============================================================
11:19:19.0267 0x0ce4  Current date / time: 2014/10/28 11:19:19.0267
11:19:19.0267 0x0ce4  SystemInfo:
11:19:19.0267 0x0ce4  
11:19:19.0267 0x0ce4  OS Version: 6.1.7601 ServicePack: 1.0
11:19:19.0267 0x0ce4  Product type: Workstation
11:19:19.0267 0x0ce4  ComputerName: JENS
11:19:19.0267 0x0ce4  UserName: Jen
11:19:19.0267 0x0ce4  Windows directory: C:\Windows
11:19:19.0267 0x0ce4  System windows directory: C:\Windows
11:19:19.0267 0x0ce4  Running under WOW64
11:19:19.0267 0x0ce4  Processor architecture: Intel x64
11:19:19.0267 0x0ce4  Number of processors: 4
11:19:19.0267 0x0ce4  Page size: 0x1000
11:19:19.0267 0x0ce4  Boot type: Normal boot
11:19:19.0267 0x0ce4  ============================================================
11:19:19.0673 0x0ce4  KLMD registered as C:\Windows\system32\drivers\13386798.sys
11:19:20.0328 0x0ce4  System UUID: {F3356C9D-7D8C-BDB2-01C2-F04B2480F9E1}
11:19:21.0264 0x0ce4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:19:21.0264 0x0ce4  ============================================================
11:19:21.0264 0x0ce4  \Device\Harddisk0\DR0:
11:19:21.0280 0x0ce4  MBR partitions:
11:19:21.0280 0x0ce4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xFA0E000
11:19:21.0280 0x0ce4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C0E800, BlocksNum 0x1281F800
11:19:21.0280 0x0ce4  ============================================================
11:19:21.0311 0x0ce4  C: <-> \Device\Harddisk0\DR0\Partition1
11:19:21.0358 0x0ce4  D: <-> \Device\Harddisk0\DR0\Partition2
11:19:21.0358 0x0ce4  ============================================================
11:19:21.0358 0x0ce4  Initialize success
11:19:21.0358 0x0ce4  ============================================================
11:20:34.0325 0x0db8  KLMD registered as C:\Windows\system32\drivers\04252035.sys
11:20:34.0949 0x0db8  Deinitialize success


#12 dc3 (Bleeping Treehugger)

Posted 28 October 2014 - 12:49 PM

At the top of post #9 I posted "Please run the following scans in the order they are requested."

You ran the Malwarebytes Antimalware before running RKill.

Please read and follow the instructions.

With RKill running, rescan with Malwarebytes and post the log.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#13 KyserSozae (Topic Starter)

Posted 28 October 2014 - 01:32 PM

I did run RKill first, THEN Malware. If you check the log, you'll see the time stamps. I followed your instructions to a "T".



#14 KyserSozae (Topic Starter)

Posted 28 October 2014 - 01:39 PM

I just posted the Malware logs first, by mistake. I ran RKill at 9:11:45 AM, then Malware at 10:38 am. ESET is still scanning, 3 hours in, and only 49%.



#15 KyserSozae (Topic Starter)

Posted 28 October 2014 - 01:48 PM

ESET finished, here is the log:

C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\Users\Jen\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jen\Downloads\DownloadXPro.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined




