
Second explorer.exe taking up lots of RAM, most likely a virus.


8 replies to this topic

#1 Cyrax

Cyrax

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 22 November 2014 - 09:06 AM

It's basically taking up all my RAM and CPU in less than half an hour and I am forced to constantly end the process, only for it to appear 1-10 minutes later.

I tried scanning with TDSS Killer, nothing.

I tried Norton Power Eraser, nothing.

I've also read other posts having similar problems and I don't have utorrent or Firefox and the other solutions didn't help me at all.

These are all my processes:

 

Attached File  PC.png   68.94KB   0 downloads

Attached File  PC2.png   87.97KB   0 downloads

Attached File  PC3.png   69.3KB   0 downloads


Edited by hamluis, 22 November 2014 - 10:06 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 Cyrax

Cyrax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 22 November 2014 - 09:13 AM

I have figured out how to suspend the process, leaving it at 2,868 K, but the process is still there.



#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:56 PM

Posted 22 November 2014 - 12:05 PM

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

 

 
Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.
 

 

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Cyrax

Cyrax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 23 November 2014 - 11:17 PM

Alright, I have done everything except the ESET scan because of the link not working (I'm using IE).
Strangely it seems Malwarebytes instantly got rid of it. I will post back tomorrow if it comes back.
Thank you.
Here are the log files:

 

Malwarebytes Quarantine:

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

 

ADWCleaner Logs:

 

# AdwCleaner v4.102 - Report created 23/11/2014 at 23:06:26
# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gary - GARY-PC
# Running from : C:\Users\Gary\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Gary\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Gary\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Gary\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F5677E4-E677-4464-930D-3FFEF0C74265}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v39.0.2171.65

[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.gamesfree.ca/search-results/1/search-results.html?s={searchTerms}&c=&ob=&plus=

*************************

AdwCleaner[R0].txt - [3211 octets] - [23/11/2014 23:01:41]
AdwCleaner[S0].txt - [3012 octets] - [23/11/2014 23:06:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3072 octets] ##########
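
A triage sketch for the AdwCleaner report format shown in the post above, added here as an example and not part of the original thread or of AdwCleaner itself: it groups the removed items by report section and picks out the autostart entries (the service and the Run value). The sample is a shortened excerpt of that report; the function names and the autostart heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: a shortened excerpt of the AdwCleaner report posted above.
SAMPLE_REPORT = r"""# AdwCleaner v4.102 - Report created 23/11/2014 at 23:06:26
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\NCH Software

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork

***** [ Browsers ] *****

-\\ Google Chrome v39.0.2171.65

[C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************
"""

# "***** [ Section name ] *****" headers split the report into sections.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "<Kind> <Action> : <target>", e.g. "Folder Deleted : C:\ProgramData\apn".
ITEM_RE = re.compile(r"^(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+)$")
# "[profile file] - <Action> [<Kind>] : <target>" lines in the Browsers section.
BROWSER_RE = re.compile(
    r"^\[(?P<profile>.+?)\] - (?P<action>\w+) \[(?P<kind>.+?)\] : (?P<target>.+)$"
)

# Heuristic chosen for this example: entries that start code at boot or logon.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(\s|\\|$)", re.IGNORECASE)
AUTOSTART_SECTIONS = {"Services", "Scheduled Tasks"}


def parse_report(text):
    """Return (section names in order, list of entry dicts)."""
    sections, entries, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.append(current)
            continue
        # Skip the "# ..." preamble, blank lines and anything before a section.
        if current is None or not line or line.startswith("#"):
            continue
        match = BROWSER_RE.match(line) or ITEM_RE.match(line)
        if not match:
            continue  # browser version banners, separator rows
        entry = match.groupdict()
        entry.setdefault("profile", None)
        entry["section"] = current
        entry["view"] = "default"
        # "[x64]" marks the 64-bit registry view of the same path.
        if entry["target"].startswith("[x64] "):
            entry["view"] = "x64"
            entry["target"] = entry["target"][len("[x64] "):]
        entries.append(entry)
    return sections, entries


def count_by_section(sections, entries):
    """Entries per section, keeping sections that came back empty."""
    counts = Counter(e["section"] for e in entries)
    return {name: counts.get(name, 0) for name in sections}


def autostart_entries(entries):
    """Entries that were persistence points: services, tasks, Run/RunOnce."""
    return [
        e for e in entries
        if e["section"] in AUTOSTART_SECTIONS or RUN_KEY_RE.search(e["target"])
    ]


if __name__ == "__main__":
    secs, items = parse_report(SAMPLE_REPORT)
    for name, n in count_by_section(secs, items).items():
        print(f"{name:18} {n}")
    for e in autostart_entries(items):
        print("autostart:", e["kind"], e["action"], e["target"])
```

Run against the full report, the same functions separate the two startup mechanisms that were removed from the leftover folders and COM registrations.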



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:56 PM

Posted 24 November 2014 - 09:47 AM

The Malwarebytes log is incomplete, please post the whole log.

 

You do not need to quote my posts, it isn't needed.

 

 
Please download and install Emsisoft.
 
1.  When Emsisoft opens click on Update.
 
emsisoft6_zpsace019ac.png
 
2.  Click on Full Scan.
 
emsisoft7_zps9186dacd.png
 
3.  After the scan has completed the results will be displayed.  Make sure there is a check in the box of each item found, then click on Quarantine.
 
emsisoft9_zpsf493a30a.png
 
4.  After the items have been quarantined click on OK.
 
emsisoft10_zpscd89d5de.png
 
5.  After the quarantine has been completed click on Logs.
 
emsisoft11_zps7f976399.png
 
6.  Click on Export and save the log to a location which you will be able to find and open.  Open the log, copy and then paste the log in your topic.
 
emsisoft12_zpsb7365391.png

Edited by dc3, 24 November 2014 - 09:48 AM.


#6 Cyrax

Cyrax
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 24 November 2014 - 09:44 PM

Full Malwarebytes Log:

 

mbam-check result log version:     2.1.1.1001
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0
Malwarebytes Anti-Malware:         2.0.3.1025
Installed On:                      2014/11/23
Malware Database:                  0000.00.00.00
Rootkit Database:                  0000.00.00.00
Remediation Database:              0000.00.00.00
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/11/23 22:58:47
Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 SIGN.MEDIA=76B073C SETUP.EXE  REG_SZ  WINXPSP2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\Users\Gary\Downloads\UnityWebPlayer.exeREG_SZ  WIN7RTM RUNASADMIN
 C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exeREG_SZ  RUNASADMIN
 C:\Program Files (x86)\BlueStacks\HD-Agent.exeREG_SZ  RUNASADMIN
 C:\Program Files (x86)\BlueStacks\HD-Frontend.exeREG_SZ  RUNASADMIN
 C:\Program Files (x86)\BlueStacks\HD-RunApp.exeREG_SZ  RUNASADMIN
 C:\Program Files (x86)\BlueStacks\HD-ApkHandler.exeREG_SZ  RUNASADMIN
 C:\Users\Gary\Downloads\BlueStacks-SplitInstaller_native.exeREG_SZ  RUNASADMIN

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.15.0 MD5: [5c3669b71657f22e67a1d4bd49d2cbe7]
C:\Windows\system32\drivers\mwac.sys
File Size: 63704     BYTES FileVersion: 1.0.6.0 MD5: [95ef63a7827d4e3a229cbbcb42619e93]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 129752    BYTES FileVersion: 0.2.13.0 MD5: [26c43960c99ee861a5d0edc4dcf3b1c3]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 93400     BYTES FileVersion: 1.1.4.0 MD5: [d3311b31c470e7681b14d9b014cbf9ed]

--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
 DisplayName                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1001
 Group                         REG_SZ  NetworkProvider
 ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
 Description                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1002
 ObjectName                    REG_SZ  NT AUTHORITY\LocalService
 ErrorControl                  REG_DWORD  1
 Start                         REG_DWORD  2
 Type                          REG_DWORD  32
 DependOnService               REG_MULTI_SZ RpcSs

 ServiceSidType                REG_DWORD  3
 RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege

 FailureActions                REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
 ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 ServiceDllUnloadOnStop        REG_DWORD  1
 ServiceMain                   REG_SZ  BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
 AttachWhenLoaded              REG_DWORD  1
 DisplayName                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
 Group                         REG_SZ  FSFilter Infrastructure
 ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
 Description                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 ErrorControl                  REG_DWORD  3
 Start                         REG_DWORD  0
 Tag                           REG_DWORD  1
 Type                          REG_DWORD  2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
 0                             REG_SZ  Root\LEGACY_FLTMGR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1

C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1077336   BYTES FileVersion: 6.1.95.45 MD5: [f7bbb7d79adb9e3adc13f3b3c33d3d4d]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]

MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              0
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          false
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       7000
ScanHistory:
    Duration_Complete:                                         549976
    Duration_Driver:                                           0
    Duration_Filesystem:                                       1604
    Duration_Heuristics:                                       346625
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          32075
    Duration_Registry:                                         26646
    Duration_Sector:                                           0
    Duration_Startup:                                          25179
    ItemCount_Complete:                                        262227
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      42931
    ItemCount_Heuristics:                                      9175
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         32000
    ItemCount_Registry:                                        602
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         1393
    LastScanDateEpoch:                                         1416799263730
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2014-11-24T03:20:49
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    7
    ProxyPassword:                                             
    ProxyPort:                                                 0
    ProxyServer:                                               
    ProxyUsername:                                             
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
--------------Account:--------------
  Account Status:                                              Free
  Expiration Time:                                             
  Activation Time:                                             
  Trial Used:                                                  false
--------------Access Policies:--------------

Scheduler Queue:
================

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
 PendingFileRenameOperations REG_MULTI_SZ \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old

 

MBAMProtector Registry Values:
==============================

 

MBAMService Registry Values:
============================

 

MBAMScheduler Registry Values:
==============================

 

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
 ProxyOverride REG_SZ  *.local

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
 SystemPartition REG_SZ  \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
  h:mm:ss tt
  AM
  PM
  :

Currently:
REG_SZ  h:mm:ss tt
REG_SZ  AM
REG_SZ  PM
REG_SZ  :

Language and Regional Settings:
===============================

ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.

Context Menu Entries:
=====================

 

 

 

 

 

 

 

List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                   File Size: 920888    BYTES FileVersion:  9.20.0.0       MD5: [ce5bab535bfa98530ddac4661a751dfe]
changes.txt                              File Size: 3104      BYTES FileVersion:  N/A            MD5: [3ac874d1e1bfd50e4ceb220f5dd73f67]
license.rtf                              File Size: 39478     BYTES FileVersion:  N/A            MD5: [8627b31943a534aad30d154c2b2c1aaf]
master.conf                              File Size: 1258      BYTES FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                 File Size: 579896    BYTES FileVersion:  1.0.16.0       MD5: [59569d4be0d79a2b8c3241c6dcea0034]
mbam.exe                                 File Size: 7229752   BYTES FileVersion:  1.0.1.711      MD5: [f89773dfa9b8c95a3ac2af1e7d99e483]
mbamcore.dll                             File Size: 1829176   BYTES FileVersion:  1.1.20.0       MD5: [a8d4b1d04a5fcd862321ce106da7ce4e]
mbamdor.exe                              File Size: 54072     BYTES FileVersion:  1.0.1.0        MD5: [842c198bb5fb3a051c34d493f3a7dff4]
mbamext.dll                              File Size: 310584    BYTES FileVersion:  3.0.6.0        MD5: [c49fe57cfa679dc1427fd6737bdce551]
mbampt.exe                               File Size: 39736     BYTES FileVersion:  1.0.0.0        MD5: [03cfd2a07ddf755aafac6e459d2d855a]
mbamscheduler.exe                        File Size: 1871160   BYTES FileVersion:  3.1.1.0        MD5: [6d8a2ee4244630b290a837e79c0f37a1]
mbamservice.exe                          File Size: 968504    BYTES FileVersion:  3.0.8.0        MD5: [09d4503cbb6adb3a54e7c7a75090b728]
mbamsrv.dll                              File Size: 4463928   BYTES FileVersion:  1.2.0.0        MD5: [a422816a15cfac50567fd0f6582fd2cf]
msvcp100.dll                             File Size: 421688    BYTES FileVersion:  10.0.40219.325 MD5: [ca55500e2e0515fcc888c4a5e01e64b7]
msvcr100.dll                             File Size: 774456    BYTES FileVersion:  10.0.40219.325 MD5: [4c539e592e50633b21ab1e1fda40a32a]
QtCore4.dll                              File Size: 2732856   BYTES FileVersion:  4.8.4.0        MD5: [61af7614418ba5b9e8b4eb82e459be53]
QtGui4.dll                               File Size: 8575288   BYTES FileVersion:  4.8.4.0        MD5: [2954dc080087cf73818f959cb3ed9c13]
QtNetwork4.dll                           File Size: 909112    BYTES FileVersion:  4.8.4.0        MD5: [d36b759179ddd214743dcfb8ed791fa2]
unins000.dat                             File Size: 25993     BYTES FileVersion:  N/A            MD5: [925531711ac26166ba7253b9d366e683]
unins000.exe                             File Size: 718037    BYTES FileVersion:  51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\accessible
qtaccessiblewidgets4.dll                 File Size: 198968    BYTES FileVersion:  4.8.4.0        MD5: [ac1481e30e75034928f50923c42a530d]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                            File Size: 235882    BYTES FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                              File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
firefox.exe                              File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
firefox.pif                              File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
firefox.scr                              File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
iexplore.exe                             File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
mbam-chameleon.com                       File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
mbam-chameleon.exe                       File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
mbam-chameleon.pif                       File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
mbam-chameleon.scr                       File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
mbam-killer.exe                          File Size: 1188664   BYTES FileVersion:  3.0.2.0        MD5: [311251e69b0db0562be1a2d6b556e552]
rundll32.exe                             File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
svchost.exe                              File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
windows.exe                              File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]
winlogon.exe                             File Size: 761656    BYTES FileVersion:  3.1.7.0        MD5: [c0afb3c7e6c7ca3f6e42ff242bbbcb1f]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif4.dll                                File Size: 32568     BYTES FileVersion:  4.8.4.0        MD5: [ff014ac49ac32e5f1c7d6e271b320893]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm                               File Size: 139423    BYTES FileVersion:  N/A            MD5: [9771d098e918204a99fa0068f431e6ba]
lang_bg.qm                               File Size: 147865    BYTES FileVersion:  N/A            MD5: [d250b37179f313e58267f7946e0522d4]
lang_ca.qm                               File Size: 149256    BYTES FileVersion:  N/A            MD5: [0cc2735ee2f231ea5d964c323ca73e08]
lang_cs.qm                               File Size: 142601    BYTES FileVersion:  N/A            MD5: [8426f7126d2851a1e6ca1f1f7e45d2ec]
lang_da.qm                               File Size: 143131    BYTES FileVersion:  N/A            MD5: [6fe13d4a5a44a3390bf9940404eeb6c7]
lang_de.qm                               File Size: 151959    BYTES FileVersion:  N/A            MD5: [9517c7c9865b5641c5c250c84b51a6d1]
lang_el.qm                               File Size: 152327    BYTES FileVersion:  N/A            MD5: [4cd483236d99cf40e9d8cf534bac05e7]
lang_en.qm                               File Size: 137689    BYTES FileVersion:  N/A            MD5: [d34a8afc30bb472c443f7f088513ff04]
lang_es.qm                               File Size: 149211    BYTES FileVersion:  N/A            MD5: [1ee5f6535d02c94812e54e3ed65de6ac]
lang_et.qm                               File Size: 141939    BYTES FileVersion:  N/A            MD5: [f6faee4a33654bb27dcf2f9d4cf955ef]
lang_fi.qm                               File Size: 145730    BYTES FileVersion:  N/A            MD5: [9f4ff431ec70747591ef0e0eaf3ed2cb]
lang_fr.qm                               File Size: 153965    BYTES FileVersion:  N/A            MD5: [8dd69dd62ee617dc3ca4f25ab2c70af8]
lang_he.qm                               File Size: 134117    BYTES FileVersion:  N/A            MD5: [3ad149f1778e6e8f8f89ecfe67a1e62e]
lang_hu.qm                               File Size: 147806    BYTES FileVersion:  N/A            MD5: [7c3ae4dde80fa8759968b218a03a7a73]
lang_id.qm                               File Size: 145710    BYTES FileVersion:  N/A            MD5: [c2a0325d9dfb5c5fce7a4832837896e7]
lang_it.qm                               File Size: 148249    BYTES FileVersion:  N/A            MD5: [4766a519a653d8e6f6ad32094a2a059b]
lang_ja.qm                               File Size: 122782    BYTES FileVersion:  N/A            MD5: [339134f906b770b833653682264bdc23]
lang_ko.qm                               File Size: 119240    BYTES FileVersion:  N/A            MD5: [5042df441910dfe9f6a55d3c005b00c7]
lang_lt.qm                               File Size: 146950    BYTES FileVersion:  N/A            MD5: [5c0fca31ff0a6d2b3f6d1722940a2dc6]
lang_lv.qm                               File Size: 146072    BYTES FileVersion:  N/A            MD5: [8623ed6977cd81c0d520f5fd84788d93]
lang_nl.qm                               File Size: 147725    BYTES FileVersion:  N/A            MD5: [1b391d5599be4724018624a27014eb75]
lang_no.qm                               File Size: 144153    BYTES FileVersion:  N/A            MD5: [2d53348f8e74f26f065e0c83e8fff7fe]
lang_pl.qm                               File Size: 147483    BYTES FileVersion:  N/A            MD5: [ce39bae20f8a2b42f93f2f5a5c6dd63e]
lang_pt_BR.qm                            File Size: 146906    BYTES FileVersion:  N/A            MD5: [b337c75fa23ba36176719d54c0269560]
lang_pt_PT.qm                            File Size: 144956    BYTES FileVersion:  N/A            MD5: [b41016907930a96a11aadb348fd9a1b6]
lang_ro.qm                               File Size: 146821    BYTES FileVersion:  N/A            MD5: [69c447559268a873808d5ae48b425ad9]
lang_ru.qm                               File Size: 148179    BYTES FileVersion:  N/A            MD5: [51d4d0c155de54f24b09be7040a7ff15]
lang_sk.qm                               File Size: 144330    BYTES FileVersion:  N/A            MD5: [3a00a97315c24e6820f8939920ef14b4]
lang_sl.qm                               File Size: 144582    BYTES FileVersion:  N/A            MD5: [47db99ccdd98936e6a38957321c71317]
lang_sv.qm                               File Size: 145435    BYTES FileVersion:  N/A            MD5: [a2b33c0364aad3e9d7daafdd4f286ee1]
lang_th.qm                               File Size: 137957    BYTES FileVersion:  N/A            MD5: [6a24ece552172d805cd428853255d294]
lang_tr.qm                               File Size: 144262    BYTES FileVersion:  N/A            MD5: [18b7fec7611c038780ee77044e523f70]
lang_vi.qm                               File Size: 144480    BYTES FileVersion:  N/A            MD5: [708062759498e791186bbe64b7246d0c]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                            File Size: 821560    BYTES FileVersion:  1.1.0.1010     MD5: [0d7dd0e7f98a4f414fed44af0b50128b]

C:\Users\Gary\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                              File Size: 314       BYTES FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
cleanup.old                              File Size: 1829176   BYTES FileVersion:  1.1.20.0       MD5: [a8d4b1d04a5fcd862321ce106da7ce4e]
domains.ref                              File Size: 38        BYTES FileVersion:  N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                  File Size: 33        BYTES FileVersion:  N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
mbamdor.old                              File Size: 54072     BYTES FileVersion:  1.0.1.0        MD5: [842c198bb5fb3a051c34d493f3a7dff4]
rules.ref                                File Size: 10253626  BYTES FileVersion:  N/A            MD5: [5b9b84093d34a2414b355d69dbd8d767]
swissarmy.ref                            File Size: 24132     BYTES FileVersion:  N/A            MD5: [5441d75bac9a39c8dac2c1f691720f26]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 4570      BYTES FileVersion:  N/A            MD5: [1bc53e7363ff6482681d209ce7157942]
database.conf                            File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 23        BYTES FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                            File Size: 1709      BYTES FileVersion:  N/A            MD5: [d6a60d60b375a875946fc48a001ea3c9]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 6070      BYTES FileVersion:  N/A            MD5: [18207bcd10f1cb167509897341a8e01c]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                            File Size: 1998      BYTES FileVersion:  N/A            MD5: [1ac1eee06af99b36273bd17dc4d8cef0]
statistics.conf                          File Size: 513       BYTES FileVersion:  N/A            MD5: [cda4e16866335ae30a42955768d57478]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                               File Size: 4155      BYTES FileVersion:  N/A            MD5: [287475cbeda24d01fe8d34660bc35e1c]
database.conf                            File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                          File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 23        BYTES FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                            File Size: 1566      BYTES FileVersion:  N/A            MD5: [29b928c33aec22293649d003ea4ef224]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 5344      BYTES FileVersion:  N/A            MD5: [973e9c5714cc0c56a7b9c83d876754dd]

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE

 

Emsisoft Log: (Note: The second quarantined item: Steam Games Hacker, was downloaded a long time ago before the explorer.exe problem occurred)

Emsisoft Emergency Kit - Version 9.0
Quarantine log

 Date Source Event Infection/PUP 
11/24/2014 9:41:23 PM C:\Users\Gary\Downloads\Steam Games Hacker By F!$HEr.rar Moved to quarantine Gen:Variant.Kazy.189506 ( B) 1 
11/24/2014 9:41:23 PM C:\$Recycle.Bin\S-1-5-21-32726005-4140103562-797216495-1001\$RSQF330.exe Moved to quarantine Gen:Variant.Adware.Strictor.68509 ( B) 2 

 

 

I apologize for the very long reply. I'm very new to the forums and don't know how to simply attach the files.


Edited by Cyrax, 24 November 2014 - 09:45 PM.


#7 dc3


Posted 25 November 2014 - 11:24 AM

The Emsisoft found a Trojan and quarantined it.

 

How is the computer running now?



#8 Cyrax


Posted 25 November 2014 - 04:51 PM

Perfectly fine now! Thanks for your help!



#9 dc3


Posted 25 November 2014 - 04:56 PM

You are welcome.

