
Missing dll Pop Up.....


26 replies to this topic

#1 Blkbird

Blkbird

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 26 December 2015 - 09:03 PM

Old guy but newbie here.

Hi to all on the board.

I was hoping for some help, as I am not very tech savvy.

Here is my story.

Since doing a cleaning of my tablet after getting infected by malware/adware (I used Malwarebytes, AdwCleaner, and HitmanPro), I keep getting this popup saying:

<< The module "C:\users\Carm\AppData\Local\Uqnwmedia\UsbMain.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent DLL files.

The specified module could not be found. >>

I have done web searches for "Uqnwmedia" and "UsbMain.dll". Nothing to be found.

Tablet seems to be running just fine.

I was hoping for some feedback on how to fix this popup or eliminate it.

TIA.


Edited by hamluis, 30 December 2015 - 03:48 PM.
Moved from Win 8 to Am I Infected - Hamluis.




#2 Blkbird


Posted 27 December 2015 - 09:21 AM

No suggestions on how to fix this?????



#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:45 AM

Posted 27 December 2015 - 10:37 AM

You need to keep in mind that many of our members are spending the Holiday/s with friends and family.  Posts in the forums here may not be a real high priority for them.
 
Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download. 
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox to your desktop.
 
Right-click on MiniToolBox.exe and select Run as Administrator.
 
You will see an image like the one below.
 
minitoolbox_zps7byuwkla.png
 
Click on the following checkboxes only:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
Click on Go to start the scan.  Once it is finished highlight the text, then copy it and paste it in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Blkbird


Posted 30 December 2015 - 11:13 AM

Thank you for your assistance.

Here below is all the info per your instructions.

http://speccy.piriform.com/results/0o0pEB0qLDZiiVXlyOXd2UV

 

Mini toolbox report:

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Carm (administrator) on 30-12-2015 at 11:11:20
Running from "C:\Users\Carm\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Model: Surface Pro 3 Manufacturer: Microsoft Corporation
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/30/2015 10:53:00 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/30/2015 10:38:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Carmine)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024321 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/30/2015 10:33:04 AM) (Source: RIM MDNS) (User: )
Description: 644: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (12/30/2015 10:33:04 AM) (Source: RIM MDNS) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (12/30/2015 10:33:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Carmine)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147024321 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/30/2015 10:32:45 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS) (User: )
Description: 900: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS) (User: )
Description: 868: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
System errors:
=============
Error: (12/30/2015 10:38:18 AM) (Source: DCOM) (User: Carmine)
Description: "C:\windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca575App.AppXvwgnrrhcka99admvy9fqan3zpdmgg69a.mcaUnavailableUnavailable
 
Error: (12/30/2015 10:32:57 AM) (Source: DCOM) (User: Carmine)
Description: "C:\windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca575App.AppX2tphb21dp9jkkycchwvscnrxk12cys3z.mcaUnavailableUnavailable
 
Error: (12/30/2015 10:32:43 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (12/29/2015 08:26:35 PM) (Source: DCOM) (User: Carmine)
Description: "C:\windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca575App.AppXvwgnrrhcka99admvy9fqan3zpdmgg69a.mcaUnavailableUnavailable
 
Error: (12/29/2015 08:26:30 PM) (Source: DCOM) (User: Carmine)
Description: "C:\windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca575App.AppX2tphb21dp9jkkycchwvscnrxk12cys3z.mcaUnavailableUnavailable
 
Error: (12/29/2015 08:26:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: System Hardware Update - ‎10/‎26/‎2015.
 
Error: (12/29/2015 08:26:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Realtek - Other hardware, Removable Storage - Realtek USB 3.0 Card Reader.
 
Error: (12/29/2015 08:26:15 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (12/28/2015 01:59:38 PM) (Source: DCOM) (User: Carmine)
Description: "C:\windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca575App.AppX2tphb21dp9jkkycchwvscnrxk12cys3z.mcaUnavailableUnavailable
 
Error: (12/28/2015 01:59:22 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2015 10:53:00 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/30/2015 10:38:23 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Carmine)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe!App-2147024321
 
Error: (12/30/2015 10:33:04 AM) (Source: RIM MDNS)(User: )
Description: 644: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (12/30/2015 10:33:04 AM) (Source: RIM MDNS)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (12/30/2015 10:33:02 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Carmine)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe!App-2147024321
 
Error: (12/30/2015 10:32:45 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS)(User: )
Description: 900: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS)(User: )
Description: 868: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (12/30/2015 10:32:43 AM) (Source: RIM MDNS)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-12-23 16:03:02.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:03:02.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:02:57.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:02:57.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:02:57.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:02:43.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:02:43.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-23 16:02:42.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
BlackBerry Link (HKLM-x32\...\{15AFC3BA-5D41-4616-AD9A-AE5B6F52CA24}) (Version: 1.2.3.56 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.56 - BlackBerry Ltd.)
Gadwin PrintScreen Professional (HKLM-x32\...\Gadwin PrintScreen Professional) (Version: 4.5 - Gadwin Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.1.0.0 - ParetoLogic, Inc.)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 42%
Total physical RAM: 4001.07 MB
Available physical RAM: 2311.56 MB
Total Virtual: 4705.07 MB
Available Virtual: 2765.82 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:113.5 GB) (Free:60.74 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CARMINE
 
Administrator            Carm                     Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#5 Blkbird


Posted 30 December 2015 - 11:19 AM

Thank you in advance for all your assistance.



#6 dc3


Posted 30 December 2015 - 11:33 AM

Please uninstall RegCure Pro.

 

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
 
Why you should not use Registry Cleaners and Optimization Tools
 
There are numerous programs which purport to improve system performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization and registry cleaning features alongside anti-malware capabilities. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. There is no statistical evidence to back such claims. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.
 
Credit for this goes to Quietman7, one of our Global Moderators.
 
 
Please post the Malwarebytes log.
 

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.



#7 Blkbird


Posted 30 December 2015 - 12:16 PM

Thank you for your assistance, Arachibutyrophobia.

 

RegCurePro has been uninstalled.

 

Malwarebytes report

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/30/2015
Scan Time: 12:07 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.30.04
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Carm
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325626
Time Elapsed: 6 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.MyStart, C:\Users\Carm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.mystart.com_0.localstorage, , [34088526157642f43ab9befa46bc758b], 
PUP.Optional.MyStart, C:\Users\Carm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.mystart.com_0.localstorage-journal, , [50ece9c2dcaf75c12ec5378128da20e0], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 Blkbird


Posted 30 December 2015 - 12:21 PM

Sorry about that.
Here is the report
 
 
Potential issues:
==============================
 
LAN Settings: No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
mbam-check result log version:     2.3.0.0
========================================
 
User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 8.1  64 bit Operating System
Current Version and Build:         6.3.9200.0 
Malwarebytes Anti-Malware:         2.2.0.1024
Installed On:                      2015/12/23
Malware Database:                  2015.12.30.04
Rootkit Database:                  2015.12.26.01
Remediation Database:              2015.12.15.02
IP Database:                       2015.12.25.01
Domain Database:                   2015.12.30.05
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2015/12/30 12:18:04
 
User Information for Local System:
===========================================
User Account: Administrator
Account Level: Admin
User Account: Carm
Account Level: Admin
User Account: Guest
Account Level: Guest
User Account: HomeGroupUser$
Account Level: Guest
Total # of user entries: 4
 
UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD 1 Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD 5 Status: ON
 
AntiVirus Information:
===================
AntiVirus Software Installed: "Windows Defender"
AntiVirus Software Installed: "avast! Antivirus"
 
FireWall Information:
===================
3rd Party FireWall Software Installed: "avast! Antivirus"
 
AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "avast! Antivirus"
 
Machine Information
===============================================
Machine ID: 41ec91d1323246a253cbeb123b45b59857f5170a
Installation Token: YZxgxnp9SuQ-L_WMtnrU1450913571
System has been up for: 0.562778 Hours
System has been booted within the last hour
Current Date: 2015-Dec-30 17:18:04.876956
Date Booted: 2015-Dec-30 17:18:04.876956
 
Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    true
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware
 
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size:     25816 BYTES FileVersion: 0.1.16.0 MD5: [cfbc6c6d8a492697cabd1d353ee64933]
C:\windows\system32\drivers\mwac.sys
File Size:     64216 BYTES FileVersion: 1.0.6.0 MD5: [08decfcb9ba97786165a69ab1015bc30]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size:    192216 BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b]
C:\windows\system32\drivers\mbamchameleon.sys
File Size:    109272 BYTES FileVersion: 1.1.21.0 MD5: [42b3f5c9fbc9b3f0e0ba6b5d7fc8e849]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl                  REG_DWORD 1
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start                         REG_DWORD 2
Type                          REG_DWORD 32
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService               REG_MULTI_SZ RpcSs
WfpLwfs
 
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl                  REG_DWORD 3
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 
 
C:\windows\system32\drivers\fltmgr.sys
File Size: 354112    BYTES FileVersion: 6.3.9600.17326 MD5: [c1fb505a73fa2e9019d32444ab33b75a]
C:\windows\SysWOW64\olepro32.dll
File Size: 86016     BYTES FileVersion: 6.3.9600.17415 MD5: [afe3ca77ff01edcb79ab3f9e87b7a50b]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       false 
    LimitedMode:                                               false 
    SelfProtection:                                            false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
BusinessMessaging: 
    Count:                                                     0 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                2 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         19152 
    Duration_Driver:                                           7508 
    Duration_Filesystem:                                       22 
    Duration_Heuristics:                                       331015 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 1 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          9711 
    Duration_Registry:                                         14509 
    Duration_Sector:                                           0 
    Duration_Startup:                                          21967 
    ItemCount_Complete:                                        267449 
    ItemCount_Driver:                                          374 
    ItemCount_Filesystem:                                      42798 
    ItemCount_Heuristics:                                      12773 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        658 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         1514 
    LastRemovalRequiredDOR:                                    false 
    LastScanDateEpoch:                                         1451495258357 
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  150 
Update: 
    LastUpdate:                                                2015-12-30T17:07:38 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    a44c7b30-684f-4fad-b137-57a44bf15db9:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        5d50c458-4fd4-4161-a0ff-b9a69589a725:                   
          dateinterval:                                        0:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 30 Dec 2015 11:36:24.077241 -0500 
          lasttriggered:                                       Wed, 23 Dec 2015 18:31:33.091765 -0500 
          nextscheduled:                                       Wed, 30 Dec 2015 12:36:24.077241 -0500 
          recovery:                                            00:00:00 (Hours:Minutes:Seconds) 
          start:                                               Tue, 18 Nov 2014 19:36:24.077241 -0500 
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds) 
          type:                                                Hourly 
          uuid:                                                5d50c458-4fd4-4161-a0ff-b9a69589a725 
      type:                                                    update 
      uuid:                                                    a44c7b30-684f-4fad-b137-57a44bf15db9 
    f390c484-49ef-4f0f-bec6-b23cd99a78e5:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExitWhenQuarantineCompletes:                         false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             Treat Detections as Malware 
          ScanPUP:                                             Treat Detections as Malware 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        52ec12d8-f7e2-419c-b8ff-c06c43495e28:                   
          dateinterval:                                        1:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 30 Dec 2015 02:09:47 -0500 
          lasttriggered:                                       Wed, 23 Dec 2015 17:07:09.297875 -0500 
          nextscheduled:                                       Thu, 31 Dec 2015 02:09:47 -0500 
          recovery:                                            23:00:00 (Hours:Minutes:Seconds) 
          start:                                               Wed, 19 Nov 2014 02:09:47 -0500 
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds) 
          type:                                                Daily 
          uuid:                                                52ec12d8-f7e2-419c-b8ff-c06c43495e28 
      type:                                                    scan 
      uuid:                                                    f390c484-49ef-4f0f-bec6-b23cd99a78e5 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
 
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================

List of MBAM Related Directories:
=================================
 
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE


#9 dc3

Posted 31 December 2015 - 01:28 PM

Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note:  This option is only available if malicious objects were detected during the scan.  If this is the case select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
================

Please run AdwCleaner

Please download AdwCleaner and install it.

When AdwCleaner opens you will see an image like the one below.

[image: adwcleaner11_zps48314883.png]

Click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed. If you see any which you do not want removed, remove the check mark next to it.

Click on Clean to remove the selected items. If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.

You will receive a message telling you that all programs will be closed so that the infections can be removed. Click on OK. The computer will be restarted to complete the cleaning process.

When the cleaning process is complete a log of what was removed will be presented. Please copy and paste this log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

#10 Blkbird

Posted 31 December 2015 - 04:44 PM

    # AdwCleaner v5.027 - Logfile created 31/12/2015 at 16:42:12
    # Updated 30/12/2015 by Xplode
    # Database : 2015-12-30.1 [Server]
    # Operating system : Windows 8.1 Pro  (x64)
    # Username : Carm - CARMINE
    # Running from : C:\Users\Carm\Downloads\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    [x] Folder Not Deleted : C:\Program Files\kmspico
    [x] Folder Not Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
    [x] Folder Not Deleted : C:\ProgramData\ParetoLogic
    [x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kmspico
    [-] Folder Deleted : C:\Users\Carm\AppData\Roaming\ParetoLogic
     
    ***** [ Files ] *****
     
     
    ***** [ DLLs ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
    [-] Task Deleted : paretologic registration3
    [-] Task Deleted : paretologic update version3
    [-] Task Deleted : ParetoLogic Update Version3 Startup Task
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0320EF3E-5E37-4431-8920-3D825407C2F0}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D9A45D0-539A-4C3D-A1D7-C5A9967BB736}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{10ECD864-7879-4065-BF35-36422588085E}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0320EF3E-5E37-4431-8920-3D825407C2F0}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D9A45D0-539A-4C3D-A1D7-C5A9967BB736}
    [-] Key Deleted : HKCU\Software\ParetoLogic
    [-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
     
    ***** [ Web browsers ] *****
     
     
    *************************
     
    :: "Tracing" keys removed
    :: Winsock settings cleared
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1730 bytes] ##########


#11 Blkbird

Posted 31 December 2015 - 04:54 PM

After all this.....the pop up

the module "C:\users\Carm|AppData\Local\Uqnwmedia|UsbMain.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent DLL files.

The specified module could not be found.

still comes up.

Dang this thing is frustrating.

I suspect the program is no longer present; however, it must still be in the registry.



#12 dc3

Posted 01 January 2016 - 09:25 AM

Where is the Emsisoft scan log?


#13 Blkbird

Posted 01 January 2016 - 06:14 PM

Sorry about that.

Here is the Emsisoft report


    Emsisoft Emergency Kit - Version 10.0
    Last update: 1/1/2016 6:09:15 PM
    User account: Carmine\Carm
     
    Scan settings:
     
    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files
     
    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off
     
    Scan start: 1/1/2016 6:09:52 PM
     
    Scanned 74917
    Found 0
     
    Scan end: 1/1/2016 6:10:54 PM
    Scan time: 0:01:02


#14 dc3

Posted 02 January 2016 - 08:44 AM

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note.  If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

#15 Blkbird

Posted 02 January 2016 - 12:13 PM

Thanx Arachibutyrophobia.

I'll give this a try and get back to you with the report.





