
A huge problem from a weird exe. Please help!!


6 replies to this topic

#1 hanzo99999


Posted 05 June 2015 - 11:08 PM

Hi everyone, I really need your help. So yesterday I was trying to download a book online, and apparently the exe that I accidentally downloaded (which was my fault and mistake) has released a lot of weird applications in my download files. I ran Bitdefender, and found this:
 
http://imgur.com/gc0qpBb
 
or here:
I'll upload more later. But please help!! It's out of my idea. I have no idea how to get rid of it completely.
 
 
I honestly have no idea how to get rid of it. I can't seem to identify the file folder anyways? And most importantly, how is it possible that it is constantly sending files over? It's ridiculous. Please help! This is Windows 7 and I appreciate it if anyone is willing to respond.
Thanks in advance for those who can help. I appreciate it.

Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal


 


#2 hanzo99999


Posted 06 June 2015 - 02:53 AM

Alright, sorry about that ><. I thought this was the place where I can post Windows 7 problems. First time here. I apologize.



#3 dc3


Posted 06 June 2015 - 09:58 AM

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 
 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 hanzo99999


Posted 06 June 2015 - 03:17 PM

Got it. I will post the log soon after I finish scanning. I did all of the above. Fortunately, for the last 12 hours there haven't been any quarantined files, which is a good sign. Just hope that keeps up.



#5 hanzo99999


Posted 06 June 2015 - 03:22 PM

It's going through Heuristic Analysis. Will post results soon.



#6 hanzo99999


Posted 06 June 2015 - 03:35 PM

Alright, let's see here. The blog is as follows:

 

 

[C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":8192,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13078035249167616","lastpingday":"13078033227363976","location":6,"manifest":{"background":{"scripts":["apnAPI.js","settings/assets.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp
 
*************************
 
AdwCleaner[R0].txt - [28112 bytes] - [19/03/2014 18:39:35]
AdwCleaner[R1].txt - [32060 bytes] - [07/06/2015 13:16:32]
AdwCleaner[S0].txt - [24915 bytes] - [19/03/2014 18:41:03]
AdwCleaner[S1].txt - [30765 bytes] - [07/06/2015 13:26:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [30825  bytes] ##########
 
 
 
 
These are the results from the adware cleaner after it deleted the unwanted files and rebooted.


#7 hanzo99999


Posted 06 June 2015 - 03:36 PM

Here is the Malware.exe that you mentioned:

 

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe REG_SZ RUNASADMIN ELEVATECREATEPROCESS
C:\Program Files (x86)\Red Alert 2 Yuri's Revenge\RA2MD.exe REG_SZ WIN98
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files (x86)\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe REG_SZ WINXPSP2
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.15.0 MD5: [1e9e32aec3e1eb1b31b8169f33168b56]
C:\Windows\system32\drivers\mwac.sys
File Size: 63704     BYTES FileVersion: 1.0.6.0 MD5: [f49fb3c88e263ae9a246593b0bb29294]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 136408    BYTES FileVersion: 0.2.21.0 MD5: [e9cd058c79ea15b4aa93e259fa713b07]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 107736    BYTES FileVersion: 1.1.13.0 MD5: [54d70409de6932e9efa117779611e7a9]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\comctl32.ocx
File Size: 608448    BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES FileVersion: 6.1.98.39 MD5: [766f501b61c22723536af696a74133d4]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       1026 
    Duration_Heuristics:                                       6507586 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          56350 
    Duration_Registry:                                         26258 
    Duration_Sector:                                           0 
    Duration_Startup:                                          22574 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      78962 
    ItemCount_Heuristics:                                      79023 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        644 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         2100 
    LastScanDateEpoch:                                         1433690650925 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2015-06-07T16:14:43 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2015/06/19 01:09:08 
  Activation Time:                                             2015/06/05 18:09:31 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    1b0cfdd1-8fac-4dd0-aadc-8fe4fc62f02c:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenQuarantineCompletes:                         false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanSource:                                          1 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        35a01029-e78c-4524-90ed-f6a429c5db94:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                       Sun, 07 Jun 2015 12:24:07.523001 -0300 
          lasttriggered:                                       Sun, 07 Jun 2015 12:24:07.523001 -0300 
          nextscheduled:                                       Mon, 08 Jun 2015 03:36:02 -0300 
          recovery:                                            23:00:00 
          start:                                               Sat, 06 Jun 2015 03:41:13 -0300 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                35a01029-e78c-4524-90ed-f6a429c5db94 
      type:                                                    scan 
      uuid:                                                    1b0cfdd1-8fac-4dd0-aadc-8fe4fc62f02c 
    b578261e-af8c-4e42-8f64-e35f246e58ce:                       
      parameters:                                               
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        f9f822d6-aea5-4eee-95c2-c792a54645c7:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Sun, 07 Jun 2015 12:24:07.523001 -0300 
          lasttriggered:                                       Sun, 07 Jun 2015 12:24:07.523001 -0300 
          nextscheduled:                                       Sun, 07 Jun 2015 13:24:28.240985 -0300 
          recovery:                                            00:00:00 
          start:                                               Fri, 05 Jun 2015 18:10:24.240985 -0300 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                f9f822d6-aea5-4eee-95c2-c792a54645c7 
      type:                                                    update 
      uuid:                                                    b578261e-af8c-4e42-8f64-e35f246e58ce 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ *.local;<local>
 
LAN Settings:
=============
 
No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\accessible
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
 
C:\Users\Nancy\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.AudioAds.A, Date: 2015/06/07 04:35:56, Type: File, Location: C:\Users\Hack Station\AppData\Roaming\inminet\forvercu.dll
Vendor: PUP.Optional.AudioAds.A, Date: 2015/06/07 04:35:56, Type: File, Location: C:\Users\Hack Station\AppData\Roaming\inminet\sencolny.dll
===============================================================
END OF FILE




