Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Patched3_c.ADTG Unable to remove


  • Please log in to reply
7 replies to this topic

#1 connorap

connorap

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 06 June 2015 - 07:08 AM

Hi all,

 

First time on the forum and im having a bit of a nightmare!

 

AVG keeps flagging up the virus Patched3_c.ADTG and although it says its successfully removed it, it keeps showing its ugly face over and over again!

 

Ive tried to find and remove it but have been unable too. 

 

Ive got a reasonable amount of IT Training, although clearly not enough to cure myself of this! Any help would be greatly appreciated.

 

Cheers in advance,

 

Connor



BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:54 PM

Posted 06 June 2015 - 10:35 AM

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:54 AM

Posted 06 June 2015 - 11:30 AM

Hello,

You have another thread open on Tech Support Forum here.

I recommend that you only follow one thread as a time, since having multiple helpers working on the same machine will only cause confusion for the helpers and usually result in complicated problems.

That said, which thread do you wish to continue with?

Regards,
Alex

#4 connorap

connorap
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 06 June 2015 - 12:36 PM

Ran MalwareBytes and found and deleted three other Trojans from my recycle bin! But when i restarted the PC AVG again sprang up with the same detection message. I will paste in the log below.

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/06/06 17:44:55 +0100</date>
<logfile>mbam-log-2015-06-06 (17-44-53).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.6.1022</version>
<malware-database>v2015.06.06.04</malware-database>
<rootkit-database>v2015.06.02.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Connor</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>347726</objects>
<time>1444</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\$Recycle.Bin\S-1-5-21-1866443748-3894570128-205892043-1001\$RRP8D8J.rar</path><vendor>Hacktool.KMS</vendor><action>success</action><hash>7b01c3f4cac0b97d714cbd94b94ad52b</hash></file>
<file><path>C:\$Recycle.Bin\S-1-5-21-1866443748-3894570128-205892043-1001\$RBO4LQN\KMSpico Setup.exe</path><vendor>Hacktool.KMS</vendor><action>success</action><hash>017b15a24446f343d1ecba97a162d927</hash></file>
<file><path>C:\Users\Connor\Downloads\Win7 Activator  v2.2.2 + WAT Fix.rar</path><vendor>Hacktool.Agent</vendor><action>success</action><hash>c8b4aa0d73171c1ad0b78bf531d005fb</hash></file>
</items>
</mbam-log>


#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:54 PM

Posted 06 June 2015 - 01:15 PM

Please post the entire log.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 connorap

connorap
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 06 June 2015 - 01:32 PM



Please post the entire log.

 

Apologies, here is the full log.

 

mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Administrator
OS:                                Windows 8.1  64 bit Operating System
Current Version and Build:         6.3.9200.0 
Malwarebytes Anti-Malware:         2.1.6.1022
Installed On:                      2015/06/06
Malware Database:                  2015.06.06.05
Rootkit Database:                  2015.06.02.01
Remediation Database:              2015.05.13.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2015/06/06 19:29:59
Compatibility Flag Settings:
=================================
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size:     25816 BYTES FileVersion: 0.1.15.0 MD5: [1e9e32aec3e1eb1b31b8169f33168b56]
C:\WINDOWS\system32\drivers\mwac.sys
File Size:     64216 BYTES FileVersion: 1.0.6.0 MD5: [28b597a61c9ac9b59bc0573d70a62cbf]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size:    136408 BYTES FileVersion: 0.2.21.0 MD5: [e9cd058c79ea15b4aa93e259fa713b07]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size:    107736 BYTES FileVersion: 1.1.13.0 MD5: [54d70409de6932e9efa117779611e7a9]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl                  REG_DWORD 1
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start                         REG_DWORD 2
Type                          REG_DWORD 32
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService               REG_MULTI_SZ RpcSs
WfpLwfs
 
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
{dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data
 
{c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data
 
{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data
 
{935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data
 
{941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data
 
{0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data
 
{a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data
 
{074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data
 
{0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data
 
{2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data
 
{c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data
 
{12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data
 
{c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data
 
{0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data
 
{89a89b7c-b5ab-4ed6-bf05-d3059281a5c5}REG_BINARY Binary Data
 
{84750a0c-b836-48e3-ab80-104985c857db}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Options
EnablePacketQueue             REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
{39a601ca-e62e-4af0-9147-1f1abed2430d}REG_BINARY Binary Data
 
{7e1e0ec6-eb08-46fc-9c5b-24059680de00}REG_BINARY Binary Data
 
{4060ea52-e11a-49f4-9b52-f58b00cc41ef}REG_BINARY Binary Data
 
{acc52d54-5e2d-4379-8910-f7393816aae6}REG_BINARY Binary Data
 
{b082741f-324a-4fa8-ade7-93c97481b025}REG_BINARY Binary Data
 
{eda330a1-4a26-4550-844f-315c68d05fc1}REG_BINARY Binary Data
 
{ab1861a4-9ba7-4a49-819c-d1f3066190cb}REG_BINARY Binary Data
 
{f016cf0e-f210-4947-a17a-8613d0c45acc}REG_BINARY Binary Data
 
{69029c39-dfac-4768-bdc1-dbef041d7228}REG_BINARY Binary Data
 
{58bb3d6b-32bb-4e7d-9087-5f9d1d72152f}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
{be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc}REG_BINARY Binary Data
 
{b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY Binary Data
 
{716b48eb-0a35-4a76-92ab-1d987230d288}REG_BINARY Binary Data
 
{0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data
 
{91ffecf0-0a9e-4572-95f1-a7111af86967}REG_BINARY Binary Data
 
{f444c576-6e60-4ea2-9faa-80d57ed12cd2}REG_BINARY Binary Data
 
{3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data
 
{5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}REG_BINARY Binary Data
 
{935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data
 
{b6b2ca61-fb98-4422-adc2-e7cf56b3680c}REG_BINARY Binary Data
 
{8b50e2ec-7cF0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data
 
{17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data
 
{3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data
 
{13bfd422-6f75-4408-8924-9400ec0cb19c}REG_BINARY Binary Data
 
{d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data
 
{074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data
 
{dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data
 
{07a24961-a760-4e80-b263-6d275e1b09cb}REG_BINARY Binary Data
 
{0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data
 
{2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data
 
{941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data
 
{3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY Binary Data
 
{64e55933-15a5-495d-a928-ccca43d44875}REG_BINARY Binary Data
 
{4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data
 
{12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data
 
{b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data
 
{375fb39b-08c6-40f2-bdf2-08fa63f970a2}REG_BINARY Binary Data
 
{4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data
 
{c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data
 
{0aa7fff8-919f-453c-928c-28a12122ba38}REG_BINARY Binary Data
 
{cbfb56db-3c85-4543-9bc2-76ea28cdd74e}REG_BINARY Binary Data
 
{c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data
 
{0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data
 
{a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data
 
{4d9581d2-aef8-4993-84cd-b986ced80d42}REG_BINARY Binary Data
 
{2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data
 
{1165065e-4996-4338-abaf-4b8556b4d431}REG_BINARY Binary Data
 
{c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data
 
{567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data
 
{70694559-714a-4a38-a0cd-51439e06f1d8}REG_BINARY Binary Data
 
{89a89b7c-b5ab-4ed6-bf05-d3059281a5c5}REG_BINARY Binary Data
 
{84750a0c-b836-48e3-ab80-104985c857db}REG_BINARY Binary Data
 
{e72646bc-7d3f-4c5c-a679-b3716f8c6cc8}REG_BINARY Binary Data
 
{b98b75dc-17c0-4e84-bd4e-2080527ca6a6}REG_BINARY Binary Data
 
{a9bdb705-06d9-4978-ba91-884127762079}REG_BINARY Binary Data
 
{68806cd2-dc1a-4ebf-8d5f-f66f3b5a188e}REG_BINARY Binary Data
 
{c61756ee-5b8a-464c-94e3-7976cf0f0797}REG_BINARY Binary Data
 
{986dd3dd-f49a-4eef-8ce4-2b5e8c9faeea}REG_BINARY Binary Data
 
{9568ff84-e876-47ac-a430-007f7d5510bb}REG_BINARY Binary Data
 
{4ef12e77-6726-45be-b14c-14f704e4324b}REG_BINARY Binary Data
 
{f7b17b5c-512d-45af-bb29-be9afef8268a}REG_BINARY Binary Data
 
{f30dd197-583e-4891-8360-5da90c0e880a}REG_BINARY Binary Data
 
{c692efa4-c1c6-4147-b39e-788b097adb6d}REG_BINARY Binary Data
 
{016a59fe-edfe-4015-9f24-c585a8a17e2e}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data
 
{4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data
 
{1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data
 
{34bb4b10-3ece-4c99-a209-e506533c03c0}REG_BINARY Binary Data
 
{aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
{b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data
 
{b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data
 
{9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl                  REG_DWORD 3
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 
 
C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 354112    BYTES FileVersion: 6.3.9600.17326 MD5: [c1fb505a73fa2e9019d32444ab33b75a]
C:\WINDOWS\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES FileVersion: 6.1.98.39 MD5: [766f501b61c22723536af696a74133d4]
C:\WINDOWS\SysWOW64\olepro32.dll
File Size: 86016     BYTES FileVersion: 6.3.9600.17415 MD5: [afe3ca77ff01edcb79ab3f9e87b7a50b]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                3 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         731632 
    Duration_Driver:                                           20077 
    Duration_Filesystem:                                       20 
    Duration_Heuristics:                                       670059 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 1 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          18750 
    Duration_Registry:                                         14385 
    Duration_Sector:                                           0 
    Duration_Startup:                                          16320 
    ItemCount_Complete:                                        286160 
    ItemCount_Driver:                                          -18386 
    ItemCount_Filesystem:                                      45730 
    ItemCount_Heuristics:                                      13124 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         18750 
    ItemCount_Registry:                                        658 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         1622 
    LastScanDateEpoch:                                         1433612513641 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2015-06-06T17:13:56 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2015/06/20 16:43:41 
  Activation Time:                                             2015/06/06 17:43:41 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    319b83a0-a3b9-4e69-844f-f170f27fb0e1:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenQuarantineCompletes:                         false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanSource:                                          1 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        1f44b19a-9353-4f94-b85c-414a14e97156:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Sun, 07 Jun 2015 03:59:04 +0100 
          recovery:                                            23:00:00 
          start:                                               Sun, 07 Jun 2015 03:52:30 +0100 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                1f44b19a-9353-4f94-b85c-414a14e97156 
      type:                                                    scan 
      uuid:                                                    319b83a0-a3b9-4e69-844f-f170f27fb0e1 
    ed55e39f-9a45-4884-b57d-862171e5e390:                       
      parameters:                                               
        TaskType:                                              3 
      triggers:                                                 
        9df4ef48-7ba3-4f5e-9d9b-df88f39448aa:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Sat, 06 Jun 2015 19:18:45.181559 +0100 
          lasttriggered:                                       Sat, 06 Jun 2015 19:18:45.181559 +0100 
          nextscheduled:                                       Sat, 06 Jun 2015 20:05:17.181393 +0100 
          recovery:                                            00:00:00 
          start:                                               Sat, 06 Jun 2015 18:04:58.181393 +0100 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                9df4ef48-7ba3-4f5e-9d9b-df88f39448aa 
      type:                                                    update 
      uuid:                                                    ed55e39f-9a45-4884-b57d-862171e5e390 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old
 
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here 
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                   File Size: 920888    BYTES FileVersion:  9.20.0.0       MD5: [3c88cad475b8b4b30b62199e40b2498c]
changes.txt                             File Size: 577       BYTES FileVersion:  N/A            MD5: [58354dbb59bc2955d070559338f970a4]
license.rtf                             File Size: 42936     BYTES FileVersion:  N/A            MD5: [b22cb49aa8d1359b08eb9e4a4e13899b]
master.conf                             File Size: 1258      BYTES FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                 File Size: 602936    BYTES FileVersion:  1.0.35.0       MD5: [296e2ee79be1a6cf197ad38ae3bd58d9]
mbam.exe                                 File Size: 6212920   BYTES FileVersion:  1.0.2.929      MD5: [7e212e742bf06bf678ae35e9c1b74b8f]
mbamcore.dll                             File Size: 1971000   BYTES FileVersion:  1.2.0.0        MD5: [043835a4a31239fe57b891ec960e6075]
mbamdor.exe                             File Size: 54072     BYTES FileVersion:  1.0.1.0        MD5: [b83bd7a2c8c2c03d06859c9c46358de7]
mbamext.dll                             File Size: 310584    BYTES FileVersion:  3.0.6.0        MD5: [2f3e8b9ee709180e01b197929b3dd4eb]
mbampt.exe                               File Size: 39736     BYTES FileVersion:  1.0.0.0        MD5: [416c41110833b3e1c14c7188b71ae70f]
mbamscheduler.exe                       File Size: 1871160   BYTES FileVersion:  3.1.2.0        MD5: [516e29ad03bdf610cc36a95ae692fe42]
mbamservice.exe                         File Size: 1080120   BYTES FileVersion:  3.1.0.0        MD5: [2b983f067aee3f9eb4df5e97f45d21d1]
mbamsrv.dll                             File Size: 3847992   BYTES FileVersion:  1.2.7.0        MD5: [22c7bd320a5c2ae3ae24c529768702f9]
mbamtoast.dll                           File Size: 96568     BYTES FileVersion:  1.70.0.0       MD5: [952fbeccca48dff4814f0a6dc7eff75f]
msvcp100.dll                             File Size: 421688    BYTES FileVersion:  10.0.40219.325 MD5: [83c628fb6b293d61f7bfbbc3d8f88ac9]
msvcr100.dll                             File Size: 774456    BYTES FileVersion:  10.0.40219.325 MD5: [e8115316a914da20529e984f0c52828d]
QtCore4.dll                             File Size: 2582840   BYTES FileVersion:  4.8.5.0        MD5: [f8e05dc5365f07d0337ef56be17b3e04]
QtGui4.dll                               File Size: 8420152   BYTES FileVersion:  4.8.5.0        MD5: [fd1d67dd57309ffe4ae508c14b71b561]
QtNetwork4.dll                           File Size: 909112    BYTES FileVersion:  4.8.5.0        MD5: [d966279de7fa2193eb84cfb859e704a6]
unins000.dat                             File Size: 28292     BYTES FileVersion:  N/A            MD5: [331e685aade2925384ac8eccf093048b]
unins000.exe                             File Size: 718037    BYTES FileVersion:  51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\accessible
qtaccessiblewidgets4.dll                 File Size: 198968    BYTES FileVersion:  4.8.4.0        MD5: [9ba27dab5412b71cb8238740d6619d1d]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                           File Size: 235882    BYTES FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
firefox.exe                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
firefox.pif                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
firefox.scr                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
iexplore.exe                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
mbam-chameleon.com                       File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
mbam-chameleon.exe                       File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
mbam-chameleon.pif                       File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
mbam-chameleon.scr                       File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
mbam-killer.exe                         File Size: 1445176   BYTES FileVersion:  3.0.9.0        MD5: [99345356e450a5a403488280d3520550]
rundll32.exe                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
svchost.exe                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
windows.exe                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
winlogon.exe                             File Size: 878392    BYTES FileVersion:  3.1.16.0       MD5: [4518dd9a09b4fef7db3b13f0ddddd36e]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif4.dll                               File Size: 32568     BYTES FileVersion:  4.8.4.0        MD5: [769d18b10c86186dc31a389979d33c27]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm                               File Size: 102066    BYTES FileVersion:  N/A            MD5: [1601bc6ef4bec7d2ab9ba68a7f989a37]
lang_bg.qm                               File Size: 124167    BYTES FileVersion:  N/A            MD5: [1353a08c12f1de3f9daf8d4accf005de]
lang_ca.qm                               File Size: 107459    BYTES FileVersion:  N/A            MD5: [5549692fe8f9e43e0012a088f6a94450]
lang_cs.qm                               File Size: 119884    BYTES FileVersion:  N/A            MD5: [585ff91200e8e356bc713f5ee7dd78a5]
lang_da.qm                               File Size: 102643    BYTES FileVersion:  N/A            MD5: [ef3261171bcaebac883893f374ad4024]
lang_de.qm                               File Size: 130017    BYTES FileVersion:  N/A            MD5: [7558ad2d9a5f23f95bcb9d50f7458250]
lang_el.qm                               File Size: 128427    BYTES FileVersion:  N/A            MD5: [4450767b6eaaa6869ee410d389a5e9ed]
lang_en.qm                               File Size: 100191    BYTES FileVersion:  N/A            MD5: [2b85d8e24659bf96f2c8a666bead54c4]
lang_es.qm                               File Size: 129307    BYTES FileVersion:  N/A            MD5: [74e57ce8c0dc024d7c5fcb068debb3a0]
lang_et.qm                               File Size: 122063    BYTES FileVersion:  N/A            MD5: [ff11420bba00002307e14b288c4ce19f]
lang_fi.qm                               File Size: 103951    BYTES FileVersion:  N/A            MD5: [89d33b2b7175fb7b3924d9864cdf2230]
lang_fr.qm                               File Size: 131783    BYTES FileVersion:  N/A            MD5: [d2b1267fbbb51c39e79f975fbe2182a7]
lang_he.qm                               File Size: 112817    BYTES FileVersion:  N/A            MD5: [a2614d9a5d9aba7817fbae878a92de2c]
lang_hu.qm                               File Size: 123254    BYTES FileVersion:  N/A            MD5: [c64b7919827df30fd55d9e9f40cf87a7]
lang_id.qm                               File Size: 120134    BYTES FileVersion:  N/A            MD5: [dffed4516bf61605021d9e8861c01951]
lang_it.qm                               File Size: 126353    BYTES FileVersion:  N/A            MD5: [4736f333e32d0c8f091ca9afe3fa4e71]
lang_ja.qm                               File Size: 87363     BYTES FileVersion:  N/A            MD5: [d982d5194aaa6e24e7191ee908491f9d]
lang_ko.qm                               File Size: 99039     BYTES FileVersion:  N/A            MD5: [5211e95dd40ea3b4cde5c831490822c9]
lang_lt.qm                               File Size: 105352    BYTES FileVersion:  N/A            MD5: [d610679ecb6929ee3ce82cac8f8d00a1]
lang_lv.qm                               File Size: 105344    BYTES FileVersion:  N/A            MD5: [985309298c683a35571fdb9486708287]
lang_nl.qm                               File Size: 125821    BYTES FileVersion:  N/A            MD5: [018c55baa051080bb012e63cb446b203]
lang_no.qm                               File Size: 120529    BYTES FileVersion:  N/A            MD5: [c2ee34817e0dfed9d5a5a85bc667e73c]
lang_pl.qm                               File Size: 125910    BYTES FileVersion:  N/A            MD5: [56e9a207bf8f4b564fd71e9defa96d4b]
lang_pt_BR.qm                           File Size: 124022    BYTES FileVersion:  N/A            MD5: [46a048872f4091a6a9862a54457c3a2c]
lang_pt_PT.qm                           File Size: 129551    BYTES FileVersion:  N/A            MD5: [99eb0c042faad4ee276f267a870a7abf]
lang_ro.qm                               File Size: 104981    BYTES FileVersion:  N/A            MD5: [0cbdb05b7927831d8331eb14d4638f32]
lang_ru.qm                               File Size: 126972    BYTES FileVersion:  N/A            MD5: [0febf393c35f2f1a3cd914b838da66dc]
lang_sk.qm                               File Size: 103656    BYTES FileVersion:  N/A            MD5: [d3fd5aa90bdae21984139a21058f4d71]
lang_sl.qm                               File Size: 122126    BYTES FileVersion:  N/A            MD5: [59911addc36e105cc55ba2ee31d09b7a]
lang_sv.qm                               File Size: 121593    BYTES FileVersion:  N/A            MD5: [f96d43155d3c98e43d7682983c0a9898]
lang_tr.qm                               File Size: 103127    BYTES FileVersion:  N/A            MD5: [12b05f94c8e397c62f324485e3059b07]
lang_vi.qm                               File Size: 119896    BYTES FileVersion:  N/A            MD5: [651b66fb4a9cfa95b640876670be7a27]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                           File Size: 821560    BYTES FileVersion:  1.1.0.1010     MD5: [796973043d5b665178150dd1cfb41a43]
 
C:\Users\Connor\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                             File Size: 1064      BYTES FileVersion:  N/A            MD5: [82d5c75c4414aca1215937ee1713407b]
cleanup.old                             File Size: 1971000   BYTES FileVersion:  1.2.0.0        MD5: [043835a4a31239fe57b891ec960e6075]
domains.ref                             File Size: 84        BYTES FileVersion:  N/A            MD5: [11061fd93cbfc792dff939fdc202128e]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                 File Size: 80        BYTES FileVersion:  N/A            MD5: [a5459c6d3de2b4b4b09dfff07e13b2fc]
mbamdor.old                             File Size: 54072     BYTES FileVersion:  1.0.1.0        MD5: [b83bd7a2c8c2c03d06859c9c46358de7]
rules.ref                               File Size: 12353501  BYTES FileVersion:  N/A            MD5: [2aa1474835ffb8f47495eb6ce6d279a7]
swissarmy.ref                           File Size: 25177     BYTES FileVersion:  N/A            MD5: [b84b389d68bc052011e628051e20d340]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 4598      BYTES FileVersion:  N/A            MD5: [0b7e759f73a6fa040cf64987af7dd6b1]
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 1087      BYTES FileVersion:  N/A            MD5: [6973b5c54f10977d88c73ae5d2ea97a9]
manifest.conf                           File Size: 1810      BYTES FileVersion:  N/A            MD5: [b927cc07b7b942090d7dcd46e0f3b3e0]
marketing.conf                           File Size: 11163     BYTES FileVersion:  N/A            MD5: [5ae2d2735ac9e32afd2ddbab1d604496]
net.conf                                 File Size: 6895      BYTES FileVersion:  N/A            MD5: [1ad53efbd722589254b33cab0345997c]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 2051      BYTES FileVersion:  N/A            MD5: [5e62656e7fb1e6d3313fa52d5da0bf16]
settings.conf                           File Size: 2050      BYTES FileVersion:  N/A            MD5: [a4746493c1ceb5849eaf8408a14dc7bf]
statistics.conf                         File Size: 513       BYTES FileVersion:  N/A            MD5: [1b72068ecc26c6cf6fc456d979a753b2]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                               File Size: 4182      BYTES FileVersion:  N/A            MD5: [a6f4892a9a602a54ecfc8681294103bb]
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 23        BYTES FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                           File Size: 1576      BYTES FileVersion:  N/A            MD5: [af6de7a6ee83d328eb7211c854c57c67]
marketing.conf                           File Size: 11163     BYTES FileVersion:  N/A            MD5: [5ae2d2735ac9e32afd2ddbab1d604496]
net.conf                                 File Size: 6085      BYTES FileVersion:  N/A            MD5: [2e9986b0f3babad30e41fd2468197e94]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                           File Size: 1725      BYTES FileVersion:  N/A            MD5: [5454026126dac24f6e96eeb0c64123d3]
statistics.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2015-06-06 (17-44-53).xml       File Size: 3682      BYTES FileVersion:  N/A            MD5: [6d13667b5082c6ee1e0a5649d261322c]
mbam-log-2015-06-06 (18-13-48).xml       File Size: 2474      BYTES FileVersion:  N/A            MD5: [9df19840ad6823d43fedce98c720fa12]
mbam-log-2015-06-06 (18-41-51).xml       File Size: 2472      BYTES FileVersion:  N/A            MD5: [55b295ce2023d31f40f3071d14a20e8d]
protection-log-2015-06-06.xml           File Size: 8148      BYTES FileVersion:  N/A            MD5: [9ed26f3e2ecaa194ea2c2051963a5fdc]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
4557240054.data                         File Size: 716       BYTES FileVersion:  N/A            MD5: [8a889d6a179be772a863aa4d95426269]
4557240054.quar                         File Size: 1895996   BYTES FileVersion:  N/A            MD5: [0f6d0e0419389566b284e16b9abad7b4]
6294808139.data                         File Size: 740       BYTES FileVersion:  N/A            MD5: [19dcd1d521c3df3b893315e2a9459e44]
6294808139.quar                         File Size: 2961088   BYTES FileVersion:  N/A            MD5: [ba72addce36c7db8514ed3c7eefd06b0]
9099091443.data                         File Size: 726       BYTES FileVersion:  N/A            MD5: [e9276faeca0d44624f8c686e2baa5f4e]
9099091443.quar                         File Size: 2934270   BYTES FileVersion:  N/A            MD5: [8d34cb675685dd3028821e739ad4b61a]
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: Hacktool.Agent, Date: 2015/06/06 16:44:55, Type: File, Location: C:\Users\Connor\Downloads\Win7 Activator  v2.2.2 + WAT Fix.rar
Vendor: Hacktool.KMS, Date: 2015/06/06 16:44:55, Type: File, Location: C:\$Recycle.Bin\S-1-5-21-1866443748-3894570128-205892043-1001\$RBO4LQN\KMSpico Setup.exe
Vendor: Hacktool.KMS, Date: 2015/06/06 16:44:55, Type: File, Location: C:\$Recycle.Bin\S-1-5-21-1866443748-3894570128-205892043-1001\$RRP8D8J.rar
===============================================================
END OF FILE


#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:54 PM

Posted 06 June 2015 - 01:58 PM

If you haven't done so already, restart this computer.

 

 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
==========
 

 
 
Please download and install Emsisoft.
 
1.  When Emsisoft opens click on Update.
 
emsisoft6_zpsace019ac.png
 
2.  Click on Full Scan.
 
emsisoft7_zps9186dacd.png
 
3.  After the scan has completed the results will be displayed.  Make sure there is a check in the box of each item found, then click on Quarantine.
 
emsisoft9_zpsf493a30a.png
 
4.  After the items have been quarantined click on OK.
 
emsisoft10_zpscd89d5de.png
 
5.  After the quarantine has been completed click on Logs.
 
emsisoft11_zps7f976399.png
 
6.  Click on Export and save the log to a location which you will be able to find and open.  Open the log, copy and then paste the log in your topic.
 
emsisoft12_zpsb7365391.png
 
==========
 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.
 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 connorap

connorap
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:54 AM

Posted 06 June 2015 - 03:57 PM

Okay so ive ran all three programmes to no avail. 

 

KasperSky - Found nothing so no report log

 

Emisoft - Found two items;

 

Emsisoft Emergency Kit - Version 9.0
Quarantine log
 
Date Source Event Detection
06/06/2015 21:35:34 C:\Program Files\KMSpico\AutoPico.exe Moved to quarantine HackTool.MSIL.KMS (A)
06/06/2015 21:35:33 C:\Program Files\KMSpico\Service_KMS.exe File locked, removal on next reboot HackTool.MSIL.KMS (A)
 
AdwCleaner -
 
# AdwCleaner v4.206 - Logfile created 06/06/2015 at 21:50:35
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Connor - CONNORS
# Running from : C:\Users\Connor\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\ProgramData\{d394bc06-0e22-7b12-d394-4bc060e2f018}
Folder Deleted : C:\Users\Connor\AppData\Local\SecTaskMan
File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v43.0.2357.81
 
 
*************************
 
AdwCleaner[R0].txt - [1307 bytes] - [06/06/2015 21:45:04]
AdwCleaner[R1].txt - [1366 bytes] - [06/06/2015 21:47:47]
AdwCleaner[S0].txt - [1254 bytes] - [06/06/2015 21:50:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1313  bytes] ##########





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users