
Laptop running slowly and crashing after supposed virus removal.


5 replies to this topic

#1 Samsungultrabook

Posted 13 January 2016 - 06:13 AM

Hi, recently I had a Google redirect virus (volunteerorg) that prevented me from making Google my default browser as well as giving ads as search results. I couldn't find anything by that name in Control Panel and it didn't come up when I ran Malwarebytes; however, after I ran Malwarebytes it seemed to have disappeared and I could change my default browser back to Google. Now, after that and since it has gone, my laptop is running slowly, freezing and crashing, and I couldn't get into my profile/account due to an error saying couldn't connect to Windows all user install agent. I do not use my laptop as administrator due to malware I had last year that blocked my access to the administrator account, although I have access to administrator now. I also downloaded Reimage, which diagnosed my laptop as poor stability, saying that the following programmes have crashed: Windows Explorer, Microsoft register service, software protection platform service, common agent. Exe, .net runtime, atierecord, bsthdandroidsvc, chrome.exe and a few others. What do I do now?


#2 dc3

Posted 13 January 2016 - 10:51 AM

Please post the Malwarebytes log in your topic.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.

To open the log, double-click on mbam-check.exe on your desktop. Copy and paste the log in your topic.



#3 Samsungultrabook

Posted 13 January 2016 - 12:11 PM

mbam-check result log version:     2.3.0.0
========================================
 
User Account type:                 Limited User
DomainComputer:                    No
OS:                                Windows 8  64 bit Operating System
Current Version and Build:         6.2.9200.0 
Malwarebytes Anti-Malware:         2.2.0.1024
Installed On:                      2016/01/11
Malware Database:                  2016.01.11.03
Rootkit Database:                  2016.01.09.01
Remediation Database:              2016.01.08.01
IP Database:                       2016.01.06.02
Domain Database:                   2016.01.11.02
License:                           Free
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/01/13 19:09:36
 
User Information for Local System:
===========================================
User Account: Administrator
Account Level: Admin
User Account: Evashnee
Account Level: Limited User
User Account: Guest
Account Level: Guest
Total # of user entries: 3
 
UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD 1 Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD 5 Status: ON
 
AntiVirus Information:
===================
AntiVirus Software Installed: "Windows Defender"
AntiVirus Software Installed: "avast! Antivirus"
 
FireWall Information:
===================
NO 3rd Party FireWall Software Installed
 
AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "avast! Antivirus"
 
Machine Information
===============================================
Machine ID: b0024328b381e304206f429b64dd3d395f65adff
Installation Token: n4xb5gRKPitP8jsBPkQs1452534535
System has been up for: 6.81861 Hours
Current Date: 2016-Jan-13 17:09:38.995560
Date Booted: 2016-Jan-13 11:09:38.995560
 
Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware
 
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\ProgramData\DatacardService\DCSHelper.exeREG_SZ $ Win7RTM
C:\ProgramData\DatacardService\HWDeviceService64.exeREG_SZ $ Win7RTM
C:\ProgramData\DatacardService\HWDeviceService.exeREG_SZ $ Win7RTM
C:\ProgramData\DatacardService\DCService.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\AddPbk.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\AutoRun\AutoRunSetup.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\AutoRun\AutoRunUninstall.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\Driver\DriverUninstall.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\Driver\DriverSetup.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\Driver\devsetup32.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\Driver\devsetup64.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\MTN Online.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\UpdateDog\LiveUpd.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\UpdateDog\RunLiveUpd.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\UpdateDog\RunOuc.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\mt.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\UpdateDog\ouc.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\XStartScreen.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\AddPbk.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\subinacl.exeREG_SZ $ Win7RTM
C:\Program Files (x86)\MTN Online\uninst.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\Driver\DriverSetup.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\Driver\DriverUninstall.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\AutoRun\AutoRunSetup.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\AutoRun\AutoRunUninstall.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\Driver\devsetup32.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\Driver\devsetup64.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\mobilepartner.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\UpdateDog\RunLiveUpd.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\UpdateDog\RunOuc.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\UpdateDog\LiveUpd.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\UpdateDog\ouc.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\XStartScreen.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\mt.exeREG_SZ $ Win7RTM
C:\Users\Administrator\AppData\Local\Temp\UTPS\common\subinacl.exeREG_SZ $ Win7RTM
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\windows\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.16.0 MD5: [cfbc6c6d8a492697cabd1d353ee64933]
C:\windows\system32\drivers\mwac.sys
File Size: 64216     BYTES FileVersion: 1.0.6.0 MD5: [08decfcb9ba97786165a69ab1015bc30]
C:\windows\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b]
C:\windows\system32\drivers\mbamchameleon.sys
File Size: 109272    BYTES FileVersion: 1.1.21.0 MD5: [42b3f5c9fbc9b3f0e0ba6b5d7fc8e849]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl                  REG_DWORD 1
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start                         REG_DWORD 2
Type                          REG_DWORD 32
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService               REG_MULTI_SZ RpcSs
WfpLwfs
 
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl                  REG_DWORD 3
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 
 
C:\windows\system32\drivers\fltmgr.sys
File Size: 374512    BYTES FileVersion: 6.2.9200.16384 MD5: [b33ec133ae4e6c1881d2302d93d2467d]
C:\windows\SysWOW64\mscomctl.ocx
File Size: 1069376   BYTES FileVersion: 6.1.98.18 MD5: [d7eef2c46a9880f21be01511024b53ab]
C:\windows\SysWOW64\olepro32.dll
File Size: 79360     BYTES FileVersion: 6.2.9200.16384 MD5: [75439663a508a6256f3d50e0e760488b]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                1 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         2592835 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       1074 
    Duration_Heuristics:                                       2206544 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          88251 
    Duration_Registry:                                         25424 
    Duration_Sector:                                           0 
    Duration_Startup:                                          61276 
    ItemCount_Complete:                                        353955 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      57101 
    ItemCount_Heuristics:                                      30516 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         88250 
    ItemCount_Registry:                                        700 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         2275 
    LastRemovalRequiredDOR:                                    true 
    LastScanDateEpoch:                                         1452545021645 
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  1061 
Update: 
    LastUpdate:                                                2016-01-11T17:50:36 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    5c784278-fbed-4545-9592-965289d66ee9:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        TaskType:                                              3 
      triggers:                                                 
        f8007a18-dc6c-4897-974d-c6ac922ac169:                   
          dateinterval:                                        0:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 13 Jan 2016 18:16:55.265603 +0200 
          lasttriggered:                                        
          nextscheduled:                                       Wed, 13 Jan 2016 19:16:55.265603 +0200 
          recovery:                                            00:00:00 (Hours:Minutes:Seconds) 
          start:                                               Tue, 04 Aug 2015 21:16:55.265603 +0200 
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds) 
          type:                                                Hourly 
          uuid:                                                f8007a18-dc6c-4897-974d-c6ac922ac169 
      type:                                                    update 
      uuid:                                                    5c784278-fbed-4545-9592-965289d66ee9 
    ed511fea-2cd0-493e-857a-1f3fe33afbe8:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenQuarantineCompletes:                         false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             Treat Detections as Malware 
          ScanPUP:                                             Treat Detections as Malware 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        6c907875-2d50-431b-8470-e184c7e91d5a:                   
          dateinterval:                                        1:0:0 (Days:Months:Years) 
          lastscheduled:                                       Wed, 13 Jan 2016 03:27:22 +0200 
          lasttriggered:                                        
          nextscheduled:                                       Thu, 14 Jan 2016 03:27:22 +0200 
          recovery:                                            23:00:00 (Hours:Minutes:Seconds) 
          start:                                               Wed, 05 Aug 2015 03:27:22 +0200 
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds) 
          type:                                                Daily 
          uuid:                                                6c907875-2d50-431b-8470-e184c7e91d5a 
      type:                                                    scan 
      uuid:                                                    ed511fea-2cd0-493e-857a-1f3fe33afbe8 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\ADMINI~1\AppData\Local\Temp\nsqC7A7.tmp\registry.dll
 
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ *.local
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ hh:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
List of MBAM Related Directories:
=================================
 
lang_pt_BR.qm                           File Size: 136918    BYTES FileVersion:  N/A            MD5: [b1ea2002cf5362b24ca0a026f448e3f1]
lang_pt_PT.qm                           File Size: 136982    BYTES FileVersion:  N/A            MD5: [5e23b66cb6d8d9894b991cc8f33658af]
lang_ro.qm                               File Size: 90458     BYTES FileVersion:  N/A            MD5: [bcf524020255c4f7a6fdbae8df2bfe81]
lang_ru.qm                               File Size: 137874    BYTES FileVersion:  N/A            MD5: [5e28394fbd12f21301e2b7e1a9dbac94]
lang_sk.qm                               File Size: 131080    BYTES FileVersion:  N/A            MD5: [68e0e95e7131d101188a57e3a413dee5]
lang_sl.qm                               File Size: 107631    BYTES FileVersion:  N/A            MD5: [83755001a3f1bd527d0b4b7a77d0b37d]
lang_sv.qm                               File Size: 129135    BYTES FileVersion:  N/A            MD5: [b3c38242beb63f895fabcc14bbc6807a]
lang_th.qm                               File Size: 137957    BYTES FileVersion:  N/A            MD5: [6a24ece552172d805cd428853255d294]
lang_tr.qm                               File Size: 88838     BYTES FileVersion:  N/A            MD5: [1e4a3c0dcd7074ad4a3971ce67762cda]
lang_vi.qm                               File Size: 133386    BYTES FileVersion:  N/A            MD5: [586de19c023986bf884ad56fc29c8f5e]
lang_zh_TW.qm                           File Size: 87797     BYTES FileVersion:  N/A            MD5: [e120a014cf077bdcbcdcbf98c3438188]


#4 dc3


Posted 13 January 2016 - 12:50 PM

At the bottom there should be Malware Exclusions, Web Exclusions, and Quarantined Items like you see in the log below.

 

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.MindSpark, Date: 2016/01/13 17:32:06, Type: File, Location: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.myway.com_0.localstorage-journal
Vendor: PUP.Optional.MindSpark, Date: 2016/01/13 17:32:06, Type: File, Location: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal
Vendor: PUP.Optional.MindSpark, Date: 2016/01/13 17:32:06, Type: File, Location: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage
Vendor: Trojan.Agent.AI, Date: 2015/06/13 14:31:49, Type: File, Location: C:\Users\Dan\AppData\Local\Temp\Quarantine.exe
Vendor: PUP.Optional.MindSpark, Date: 2016/01/13 17:32:06, Type: File, Location: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.myway.com_0.localstorage
Vendor: PUP.Optional.OpenCandy, Date: 2015/06/13 14:31:49, Type: File, Location: C:\Users\Dan\Documents\SetupImgBurn_2.5.8.0.exe
===============================================================
END OF FILE

Family and loved ones will always be a priority in my daily life. You never know when one will leave you.

#5 Samsungultrabook

Posted 13 January 2016 - 01:14 PM

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE
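
The log footer compared in posts #4 and #5, parsed as an added example (not part of the original thread and not Malwarebytes code): it tells a log whose three footer sections are present but empty apart from a paste where the footer is missing altogether. The field layout is assumed from the quarantine lines quoted above, and the sample logs and their paths are constructed.

```python
import re
from collections import Counter

SECTIONS = ("Malware Exclusions", "Web Exclusions", "Quarantined Items")
# Field layout assumed from the quarantine lines quoted in this thread.
ITEM_RE = re.compile(r"^Vendor: (?P<vendor>[^,]+), Date: (?P<date>[\d/]+ [\d:]+), "
                     r"Type: (?P<type>[^,]+), Location: (?P<location>.+)$")

def parse_footer(log_text):
    """Map each footer section that is present to its list of entries."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:   # blank line or ===== rule
            continue
        if line == "END OF FILE":
            break
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            m = ITEM_RE.match(line) if current == "Quarantined Items" else None
            sections[current].append(m.groupdict() if m else {"raw": line})
    return sections

def summarize(log_text):
    """Separate 'nothing quarantined' from 'footer missing from the paste'."""
    sections = parse_footer(log_text)
    items = sections.get("Quarantined Items", [])
    return {
        "missing_sections": [s for s in SECTIONS if s not in sections],
        "quarantined": len(items),
        "by_detection": dict(Counter(i.get("vendor", "unparsed") for i in items)),
    }

# Constructed samples in the layout of posts #4 and #5 (paths are made up).
WITH_ITEMS = r"""Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.MindSpark, Date: 2016/01/13 17:32:06, Type: File, Location: C:\Users\Example\AppData\Local\a.localstorage
Vendor: PUP.Optional.MindSpark, Date: 2016/01/13 17:32:06, Type: File, Location: C:\Users\Example\AppData\Local\b.localstorage
Vendor: Trojan.Agent.AI, Date: 2015/06/13 14:31:49, Type: File, Location: C:\Users\Example\AppData\Local\Temp\Quarantine.exe
===============================================================
END OF FILE"""
EMPTY = "Malware Exclusions:\n====\nWeb Exclusions:\n====\nQuarantined Items:\n====\nEND OF FILE"
TRUNCATED = "lang_zh_TW.qm  File Size: 87797 BYTES"  # paste cut off before the footer
```

`summarize(EMPTY)` reports zero quarantined items with no missing sections, which is the situation in post #5; `summarize(TRUNCATED)` lists all three sections as missing.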


#6 LH47

Posted 14 January 2016 - 09:47 AM

I usually start by running ESET Servicesrepair.exe.

Lately, I also usually start the whole process with ADWCleaner (even before mbam.)

Then Mbam, and then I go to Rogue Killer, etc.

I'm just regurgitating all of the tools that I found right here on this forum...  :-)





