Dell Inspiron Cursor Locks Up Plus Slow Browsing


19 replies to this topic

#1 ronno21

Posted 08 February 2016 - 04:16 PM

Hi All,

I have had slow browsing for a while - but now the cursor locks up, mainly in Firefox but also in Chrome - and also sometimes in Word, Adobe Reader etc.

When browsing, the connect wheel spins for long periods, often timing out.

I do have Symantec installed - but I did get a number of warnings from Google - your computer is acting strangely - please type in word to confirm live user (or similar). Probably have a virus or malware.

I haven't cleared the cache for a long time - maybe a contributing factor?

Details - Dell Inspiron 15 / 3000 series - 8 GB RAM, 64 bit OS - Windows 8.1

Computer is coming up to one year old - Dell warranty ends around 3rd week of Feb 2016 - but also have extended retailer warranty.

Any help appreciated - I have used 'Bleeping Computer' to help on past issues...

Many thanks

ronno21


Edited by hamluis, 09 February 2016 - 11:33 AM.
Moved from Win 8 to Am I Infected - Hamluis.



 


#2 Daydreamed

Posted 08 February 2016 - 04:39 PM

If you think you have malware, you should read this thread and follow the instructions in this: http://www.bleepingcomputer.com/forums/t/182397/am-i-infected-what-do-i-do-how-do-i-get-help-who-is-helping-me/


- Daydreamed


#3 ronno21

Posted 09 February 2016 - 03:41 AM

Hi Daydreamed,

Thanks for advice - it looks like I am in the wrong forum. I will delete thread and re-post. I suspect I have malware.

ronno21



#4 ronno21

Posted 09 February 2016 - 04:33 AM

Hi again,

I hope I am in the right forum - have decided to not delete thread.

In addition to my first post - I am pretty sure I have some unwanted malware and I need help from a supervisor - I am not very computer savvy.

I just noticed today a 'non stop games' icon on my start menu - which I unpinned as I never play games. Now I have lost it?

I also read in the virus forum about some game malware that also opens unwanted ads in your browser. I get this problem at times - usually taking me to 'Become an online Millionaire' or 'Gardening Products' (I never garden) etc.

I look forward to further advice - I still have the cursor freezing problem...

ronno21



#5 dc3

Posted 09 February 2016 - 09:38 AM

Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.

[Image: mbam1_zps95cc812c.png]

Click on Update Now, after Malwarebytes is updated click on Scan.

If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan.

[Image: mbam1_zps98e7fba9.png]

You will be prompted to update Malwarebytes, to do so click on Update Now.

[Image: mbam2_zps85f38f0c.png]

3)  The scan will automatically run now.

[Image: malwarerun_zps9abd4ef1.png]

4)  When the scan is complete the results will be displayed.  Click on Delete All.

[Image: malwarenew_zps34b58fdc.png]

5)  Please post the Malwarebytes log.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.

To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
================
 

Please run AdwCleaner

Please download AdwCleaner and install it.

When AdwCleaner opens you will see an image like the one below.

[Image: adwcleaner11_zps48314883.png]

Click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.

You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.

When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
=================

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 09 February 2016 - 09:39 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 ronno21

Posted 10 February 2016 - 02:23 PM

Hi Arachibutyrophobia,

I ran the scans as instructed - the logs are attached.

Malware showed (from memory) 32 infections - quarantined.

I then ran Ad Cleaner. This showed just a N. I presume it means no infections found - log attached.

I then ran Eset On Line Scanner - but I may have done something wrong.

The scan was showing only 22% completed - but appeared to be stopped with no infections - about 76,000 files scanned.

The thing is - the time elapsed showed 3 plus hours - whereas it had been running for at least 5 hours according to my estimation - hence I stopped the scan.

I then tried to rerun the scan - but it did not start.

Sorry if I have done the Eset incorrectly. Logs below.

Many thanks

ronno21

 

windows.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
winlogon.exe                                File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif.dll                                    File Size: 28472     BYTES    FileVersion:  5.4.1.0        MD5: [98abe94698324f6326781e492e774bd3]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm                                  File Size: 87404     BYTES    FileVersion:  N/A            MD5: [269d3107ca72a75fe154ce4ff718af50]
lang_bg.qm                                  File Size: 133911    BYTES    FileVersion:  N/A            MD5: [376ad1e4ad206bc32da09b12b564ecc4]
lang_ca.qm                                  File Size: 92634     BYTES    FileVersion:  N/A            MD5: [2d35f58b0c2db44ad2717f4a4526a085]
lang_cs.qm                                  File Size: 105193    BYTES    FileVersion:  N/A            MD5: [2c191de828d5e05fd7afa27ee1245023]
lang_da.qm                                  File Size: 88039     BYTES    FileVersion:  N/A            MD5: [f8a4941d5d388160d252832a77ab584f]
lang_de.qm                                  File Size: 139276    BYTES    FileVersion:  N/A            MD5: [b55f37281f0fcadfae67aecf0bf4cca5]
lang_el.qm                                  File Size: 126897    BYTES    FileVersion:  N/A            MD5: [bd671253e071bac626beea63393abcda]
lang_en.qm                                  File Size: 3081      BYTES    FileVersion:  N/A            MD5: [e2790b3cd9fdd9d3e266e9623fe477af]
lang_es.qm                                  File Size: 138468    BYTES    FileVersion:  N/A            MD5: [cc4f3aab63d933d5964e2bba62df4277]
lang_et.qm                                  File Size: 107794    BYTES    FileVersion:  N/A            MD5: [aa4845cd64b20377cea0ebc66eed4a42]
lang_fi.qm                                  File Size: 130793    BYTES    FileVersion:  N/A            MD5: [00653d1fb2f790817aef991025c176aa]
lang_fr.qm                                  File Size: 141996    BYTES    FileVersion:  N/A            MD5: [e06db8ef6b826b75ec5859913651ed44]
lang_he.qm                                  File Size: 98928     BYTES    FileVersion:  N/A            MD5: [2954e902664f2e129f8a8d8238e90552]
lang_hu.qm                                  File Size: 132359    BYTES    FileVersion:  N/A            MD5: [6bf3b8c78fd393ef2811a19742518b9a]
lang_id.qm                                  File Size: 129135    BYTES    FileVersion:  N/A            MD5: [6be058072a90897595c6f097a3caa797]
lang_it.qm                                  File Size: 134154    BYTES    FileVersion:  N/A            MD5: [183990148beec433023688db65a7bf2e]
lang_ja.qm                                  File Size: 73762     BYTES    FileVersion:  N/A            MD5: [f6bfd643cb92fa760ae6ec64344ee7e1]
lang_ko.qm                                  File Size: 85731     BYTES    FileVersion:  N/A            MD5: [53b5a94eb309d69993a5bc3cd43a85e4]
lang_lt.qm                                  File Size: 90799     BYTES    FileVersion:  N/A            MD5: [eecd8edca1fb068ad3bd88aa711bdae2]
lang_lv.qm                                  File Size: 90659     BYTES    FileVersion:  N/A            MD5: [683950904e725821740217824df440ff]
lang_nl.qm                                  File Size: 133514    BYTES    FileVersion:  N/A            MD5: [442a6cf7e07e6f676d8b5ae41637549c]
lang_no.qm                                  File Size: 129833    BYTES    FileVersion:  N/A            MD5: [8949e21e367e5a32ca9f36d8d22c9771]
lang_pl.qm                                  File Size: 133827    BYTES    FileVersion:  N/A            MD5: [48379f4ac164adfc8d448bf53c8e2df8]
lang_pt_BR.qm                               File Size: 136918    BYTES    FileVersion:  N/A            MD5: [b1ea2002cf5362b24ca0a026f448e3f1]
lang_pt_PT.qm                               File Size: 136982    BYTES    FileVersion:  N/A            MD5: [5e23b66cb6d8d9894b991cc8f33658af]
lang_ro.qm                                  File Size: 90458     BYTES    FileVersion:  N/A            MD5: [bcf524020255c4f7a6fdbae8df2bfe81]
lang_ru.qm                                  File Size: 137874    BYTES    FileVersion:  N/A            MD5: [5e28394fbd12f21301e2b7e1a9dbac94]
lang_sk.qm                                  File Size: 131080    BYTES    FileVersion:  N/A            MD5: [68e0e95e7131d101188a57e3a413dee5]
lang_sl.qm                                  File Size: 107631    BYTES    FileVersion:  N/A            MD5: [83755001a3f1bd527d0b4b7a77d0b37d]
lang_sv.qm                                  File Size: 129135    BYTES    FileVersion:  N/A            MD5: [b3c38242beb63f895fabcc14bbc6807a]
lang_tr.qm                                  File Size: 88838     BYTES    FileVersion:  N/A            MD5: [1e4a3c0dcd7074ad4a3971ce67762cda]
lang_vi.qm                                  File Size: 133386    BYTES    FileVersion:  N/A            MD5: [586de19c023986bf884ad56fc29c8f5e]
lang_zh_TW.qm                               File Size: 87797     BYTES    FileVersion:  N/A            MD5: [e120a014cf077bdcbcdcbf98c3438188]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
qwindows.dll                                File Size: 928568    BYTES    FileVersion:  5.4.1.0        MD5: [1dadf33fdeaabb550384beaef851313b]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                               File Size: 822584    BYTES    FileVersion:  1.4.0.1001     MD5: [16fd048f3362bf6fd2050ef22b85dba8]

C:\Users\RonCam\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                                 File Size: 4402      BYTES    FileVersion:  N/A            MD5: [dda76c659c4f269ba2cce0c7b9bd8d1e]
akadomains.ref                              File Size: 92        BYTES    FileVersion:  N/A            MD5: [73d5774cbd8df165274a0691ae264808]
akaips.ref                                  File Size: 92        BYTES    FileVersion:  N/A            MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c]
cleanup.old                                 File Size: 2126648   BYTES    FileVersion:  1.3.24.0       MD5: [9507addeb1f70f4abf50a9835cd2f8cb]
domains.ref                                 File Size: 405558    BYTES    FileVersion:  N/A            MD5: [317aeeeb147393bec76ed93a4f431d7d]
exclusions.dat                              File Size: 0         BYTES    FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                     File Size: 128189    BYTES    FileVersion:  N/A            MD5: [9802c698991af460d6bb6b69d221dd7e]
mbamdor.old                                 File Size: 54072     BYTES    FileVersion:  1.0.2.0        MD5: [9cee13ddcf207923a1849a8371e714e9]
rules.ref                                   File Size: 9814334   BYTES    FileVersion:  N/A            MD5: [1b80c476e5ad9b860e25bad0bbaee6bb]
swissarmy.ref                               File Size: 27833     BYTES    FileVersion:  N/A            MD5: [b326a53b4fd81ef3da84b67e545ac235]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                                  File Size: 4592      BYTES    FileVersion:  N/A            MD5: [5953c99dd9bc7a450494a7ffbd264d71]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                                File Size: 1532      BYTES    FileVersion:  N/A            MD5: [07a5edf3a37911f102d06a951f339625]
manifest.conf                               File Size: 3401      BYTES    FileVersion:  N/A            MD5: [1096944cee8f8a752c0b3ffe3df2cfa1]
marketing.conf                              File Size: 7288      BYTES    FileVersion:  N/A            MD5: [ae4d1f189893dcc8d3aef3f30832fe49]
net.conf                                    File Size: 7197      BYTES    FileVersion:  N/A            MD5: [830cdffc46df602757a483a56e495acb]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 2088      BYTES    FileVersion:  N/A            MD5: [8b1b14433ae40d29be54c384095c5250]
settings.conf                               File Size: 2124      BYTES    FileVersion:  N/A            MD5: [e737a6b44daf19e6fded9b4c4e372173]
statistics.conf                             File Size: 513       BYTES    FileVersion:  N/A            MD5: [08e78398a89e952a7ff9d62c20b2bd74]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                                  File Size: 4178      BYTES    FileVersion:  N/A            MD5: [6759bfb0d20758e828f322cb432d8acb]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                                File Size: 23        BYTES    FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                               File Size: 3184      BYTES    FileVersion:  N/A            MD5: [f9da45921ee39ca76afc39467ebc8e0a]
marketing.conf                              File Size: 6944      BYTES    FileVersion:  N/A            MD5: [c2133abde83f47a94e64d581e20b29cd]
net.conf                                    File Size: 6402      BYTES    FileVersion:  N/A            MD5: [859eb83405ed41b02f5a960bfb4ab573]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                               File Size: 1725      BYTES    FileVersion:  N/A            MD5: [5454026126dac24f6e96eeb0c64123d3]
statistics.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2016-02-10 (17-16-11).xml          File Size: 2580      BYTES    FileVersion:  N/A            MD5: [ce959abf004307393634311764e4568b]
protection-log-2016-02-10.xml               File Size: 13120     BYTES    FileVersion:  N/A            MD5: [780e2e02e121d4d02055f42f88161d08]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
0193359125.data                             File Size: 742       BYTES    FileVersion:  N/A            MD5: [f62017926189b8adc43594710b143f76]
0193359125.quar                             File Size: 1550      BYTES    FileVersion:  N/A            MD5: [9bae6745b02cb9e74f57b49fc0e8c339]
0499908905.data                             File Size: 703       BYTES    FileVersion:  N/A            MD5: [a076ff4f41e07e0eec6a45b3eec31d6c]
0801636022.data                             File Size: 793       BYTES    FileVersion:  N/A            MD5: [7869c6501a852f35cbcc0f30ab998ee8]
0801636022.quar                             File Size: 476       BYTES    FileVersion:  N/A            MD5: [5932d625c887e3dad3abc9cc3b244239]
0868267322.data                             File Size: 708       BYTES    FileVersion:  N/A            MD5: [0999a2314e70e40797ac1e681c268fd0]
0868267322.quar                             File Size: 588       BYTES    FileVersion:  N/A            MD5: [a6d9c3d6ddd2903e00d2d844ddef7ed5]
0942717918.data                             File Size: 792       BYTES    FileVersion:  N/A            MD5: [4a49e62f7609170416bfaf2f8a170a47]
1152816319.data                             File Size: 898       BYTES    FileVersion:  N/A            MD5: [db47f4b75d436b2c7641a7baaf60a1ab]
1485105409.data                             File Size: 725       BYTES    FileVersion:  N/A            MD5: [cc3b766c5cb3aae1407c78890a5e1bff]
1485105409.quar                             File Size: 211064    BYTES    FileVersion:  N/A            MD5: [61a87193c1f14c71ad2ef28dabad9dba]
1939626172.data                             File Size: 758       BYTES    FileVersion:  N/A            MD5: [54b934cbc822e76d04cc40302b89c90d]
1939626172.quar                             File Size: 292       BYTES    FileVersion:  N/A            MD5: [dfeceb08e0b502995ecf5ecdc6e40c75]
2135347437.data                             File Size: 746       BYTES    FileVersion:  N/A            MD5: [c36805b770923ffb496018f8c5f183f4]
2135347437.quar                             File Size: 998       BYTES    FileVersion:  N/A            MD5: [ce154ada866c5b071d4895d74c6591a0]
2575395567.data                             File Size: 746       BYTES    FileVersion:  N/A            MD5: [0a057da26e2d4c61f2c51f111b6a0678]
2575395567.quar                             File Size: 998       BYTES    FileVersion:  N/A            MD5: [0a2d4fed65eae9fb41f80975faf0e66b]
2909795386.data                             File Size: 872       BYTES    FileVersion:  N/A            MD5: [828fbbbee9ba444beaadf4291853c8ef]
2952080878.data                             File Size: 734       BYTES    FileVersion:  N/A            MD5: [e6b4064379d04d2a83d0757f6f06e6b5]
2952080878.quar                             File Size: 926       BYTES    FileVersion:  N/A            MD5: [8c02ded637773666fa5a44a32afaece3]
3195389569.data                             File Size: 778       BYTES    FileVersion:  N/A            MD5: [0ac50834859f7e9ecf942ab8e4c451cc]
3195389569.quar                             File Size: 418       BYTES    FileVersion:  N/A            MD5: [11e110c7c16bc92ab72563d94664f124]
3289496899.data                             File Size: 721       BYTES    FileVersion:  N/A            MD5: [d01f4e44f12db5eb6a397de35b0dab56]
3289496899.quar                             File Size: 211064    BYTES    FileVersion:  N/A            MD5: [61a87193c1f14c71ad2ef28dabad9dba]
4092074867.data                             File Size: 742       BYTES    FileVersion:  N/A            MD5: [d84a16441cf6e08875263f6072551d00]
4092074867.quar                             File Size: 1550      BYTES    FileVersion:  N/A            MD5: [28eaa1145dccda4fbb81f407e3dd6cd4]
4512737083.data                             File Size: 886       BYTES    FileVersion:  N/A            MD5: [5cd81144c4c64c8a9bd47469ccd6b0f1]
5097850644.data                             File Size: 744       BYTES    FileVersion:  N/A            MD5: [a736870ad492839e5b5921f15c0ff4a9]
5097850644.quar                             File Size: 1750      BYTES    FileVersion:  N/A            MD5: [93de4e246c1e6b0e1d0fd62f17417f1a]
5215384390.data                             File Size: 740       BYTES    FileVersion:  N/A            MD5: [3cb26eb9edb57fac0fef22b3c6844879]
5215384390.quar                             File Size: 4664      BYTES    FileVersion:  N/A            MD5: [9023ce8f5d935f87e093c803d728e2be]
5842440412.data                             File Size: 736       BYTES    FileVersion:  N/A            MD5: [bd1abc6bef07249cd503ad0d495adae1]
5842440412.quar                             File Size: 362       BYTES    FileVersion:  N/A            MD5: [24eebaf69127440a6e2d65166ed1f71d]
6306986365.data                             File Size: 700       BYTES    FileVersion:  N/A            MD5: [ac0e70a6e353db68a6f3beaf122b484b]
6306986365.quar                             File Size: 1026312   BYTES    FileVersion:  N/A            MD5: [4b6a19ea0b22154734b72bb6489caae5]
6982084704.data                             File Size: 804       BYTES    FileVersion:  N/A            MD5: [8bf3312591f7a958e657eb07d73cf0bf]
6982084704.quar                             File Size: 1026      BYTES    FileVersion:  N/A            MD5: [9a012f2f186f8cd862130cb2adfd9755]
6990645708.data                             File Size: 720       BYTES    FileVersion:  N/A            MD5: [eee9b1fed01c26f1bbc1ab5647163bc7]
6990645708.quar                             File Size: 211064    BYTES    FileVersion:  N/A            MD5: [61a87193c1f14c71ad2ef28dabad9dba]
7071505879.data                             File Size: 723       BYTES    FileVersion:  N/A            MD5: [e803a9a644073103d2c6e612e44c8f7b]
7071505879.quar                             File Size: 14        BYTES    FileVersion:  N/A            MD5: [bb31f409a13a3b17144c2665f132b1b9]
7262215051.data                             File Size: 720       BYTES    FileVersion:  N/A            MD5: [dff2d01d5fc802362da7166012bcf9ab]
7262215051.quar                             File Size: 612       BYTES    FileVersion:  N/A            MD5: [5321032a0d8ed87894dc3dd58ddd4716]
7697941287.data                             File Size: 732       BYTES    FileVersion:  N/A            MD5: [563a7b751ce751aa2a482b58babdb3f3]
7697941287.quar                             File Size: 1606      BYTES    FileVersion:  N/A            MD5: [cc3db0639155124d2fded48c22db9c0d]
8208242369.data                             File Size: 802       BYTES    FileVersion:  N/A            MD5: [f5588e210cb22173a167f1780704a48e]
8223372867.data                             File Size: 790       BYTES    FileVersion:  N/A            MD5: [b400181526fd6642004b82115405a5ca]
8354574398.data                             File Size: 807       BYTES    FileVersion:  N/A            MD5: [9d6ae7302c33b8d1389499dd756eb6c1]
8354574398.quar                             File Size: 472       BYTES    FileVersion:  N/A            MD5: [a5d619cefe7ebdefd1a55e817dd5acbe]
8493558556.data                             File Size: 725       BYTES    FileVersion:  N/A            MD5: [0bd6455c73bdf5e9a7b62b9a4d95cd90]
8493558556.quar                             File Size: 72        BYTES    FileVersion:  N/A            MD5: [084a10bf0dc7ba002902c348c2f44de8]
8875531139.data                             File Size: 735       BYTES    FileVersion:  N/A            MD5: [cbe4617529bd63b3474db5da79b9b644]
8875531139.quar                             File Size: 1864      BYTES    FileVersion:  N/A            MD5: [551d7111261ffcaa9bd5858d143b4238]
8968563906.data                             File Size: 714       BYTES    FileVersion:  N/A            MD5: [2752887f5e534914aae98c196b13b32d]
9584063462.data                             File Size: 744       BYTES    FileVersion:  N/A            MD5: [faf1494707251a248ba2c8ffd978b373]
9584063462.quar                             File Size: 1750      BYTES    FileVersion:  N/A            MD5: [a23f6890ba7f2ba4609a41c772eec236]
9684338477.data                             File Size: 736       BYTES    FileVersion:  N/A            MD5: [26e187498acc824ece7570601cd88ba7]
9684338477.quar                             File Size: 362       BYTES    FileVersion:  N/A            MD5: [bd6d2945db889a3c272065e7a26dda56]

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C723A437-2EAF-466D-A95B-3FA0966BF88C}
Vendor: PUP.Optional.UpdateProc, Date: 2016/02/10 11:27:10, Type: Folder, Location: C:\Users\RonCam\AppData\Roaming\UpdaterEX
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C723A437-2EAF-466D-A95B-3FA0966BF88C}
Vendor: PUM.Optional.DisableChromeUpdates, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE
Vendor: PUP.Optional.ProductSetup, Date: 2016/02/10 11:27:10, Type: Registry Value, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\PRODUCTSETUP|tb
Vendor: PUP.Optional.SuperOptimizer, Date: 2016/02/10 11:27:10, Type: Registry Value, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL
Vendor: PUP.Optional.383Media, Date: 2016/02/10 11:27:10, Type: File, Location: C:\Users\RonCam\AppData\Local\Temp\DRHelper_uninstallComplete.exe
Vendor: PUP.Optional.VideoPerformer, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\PERFORMERSOFT LLC\Video Performer
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BA6EB888-8424-4C93-8E71-6050C714CFBE}
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BA6EB888-8424-4C93-8E71-6050C714CFBE}
Vendor: PUP.Optional.SuperOptimizer, Date: 2016/02/10 11:27:10, Type: Registry Value, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\SUPER OPTIMIZER|SetupName
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\INTERFACE\{BA6EB888-8424-4C93-8E71-6050C714CFBE}
Vendor: PUP.Optional.MultiPlug, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}
Vendor: PUP.Optional.383Media, Date: 2016/02/10 11:27:10, Type: File, Location: C:\Users\RonCam\AppData\Local\Temp\DRHelper_installFinish.exe
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{c723a437-2eaf-466d-a95b-3fa0966bf88c}
Vendor: PUP.Optional.SearchAlgo, Date: 2016/02/10 11:27:10, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{e806ac01-e7a5-4949-af7c-7e6e5775035b}
Vendor: PUP.Optional.SuperOptimizer, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\SUPER OPTIMIZER
Vendor: PUP.Optional.Yontoo, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Vendor: PUP.Optional.PerformerSoft, Date: 2016/02/10 11:27:10, Type: File, Location: C:\Users\RonCam\Downloads\setup.exe
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C723A437-2EAF-466D-A95B-3FA0966BF88C}
Vendor: PUP.Optional.383Media, Date: 2016/02/10 11:27:10, Type: File, Location: C:\Users\RonCam\AppData\Local\Temp\DRHelper_installStart.exe
Vendor: PUP.Optional.UpdateProc, Date: 2016/02/10 11:27:10, Type: File, Location: C:\Users\RonCam\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat
Vendor: PUM.Optional.DisableChromeUpdates, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\TYPELIB\{e806ac01-e7a5-4949-af7c-7e6e5775035b}
Vendor: PUM.Optional.DisableChromeUpdates, Date: 2016/02/10 11:27:10, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue
Vendor: PUM.Optional.DisableChromeUpdates, Date: 2016/02/10 11:27:10, Type: Registry Value, Location: HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C723A437-2EAF-466D-A95B-3FA0966BF88C}
Vendor: PUP.Optional.UpdateProc, Date: 2016/02/10 11:27:10, Type: File, Location: C:\Users\RonCam\AppData\Roaming\UpdaterEX\UpdateProc\config.dat
Vendor: PUP.Optional.ProductSetup, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKU\S-1-5-21-1205331595-861584677-2982247311-1001\SOFTWARE\PRODUCTSETUP
Vendor: PUP.Optional.UpdateProc, Date: 2016/02/10 11:27:10, Type: Folder, Location: C:\Users\RonCam\AppData\Roaming\UpdaterEX\UpdateProc
Vendor: PUP.Optional.StrongSignal, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{e806ac01-e7a5-4949-af7c-7e6e5775035b}
Vendor: PUP.Optional.Yontoo, Date: 2016/02/10 11:27:10, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
===============================================================
END OF FILE

 

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 22:32:44
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : RonCam - RONCAM21DELL
# Running from : C:\Users\RonCam\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\DriverRestore
Folder Found : C:\ProgramData\60803d9800007da2
Folder Found : C:\ProgramData\{4cf3bf76-7889-204b-4cf3-3bf76788fdd9}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Found : C:\Windows\SysNative\Tasks\UpdaterEX

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : UpdaterEX

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\b2caf5c5-0254-fb1a-0f9c-c822939002bb
Key Found : HKCU\Software\DriverRestore
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1203 bytes] ##########


 



#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:15 AM

Posted 12 February 2016 - 10:48 AM

Malwarebytes only found potentially unwanted programs and a couple of potentially unwanted modifications which were quarantined and then removed when you restarted the computer.

 

Try running the ESET scan again after restarting the computer. This scan can take a very long time, five or six hours to run this is not unheard of.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 ronno21


Posted 12 February 2016 - 02:19 PM

Hi dc3,

I am having trouble trying to re-run the eset scan.

I couldn't get the second scan to run - so I deleted it - then downloaded it again.

I saved to desktop - ran as Administrator.

After accepting terms - I started process.

I get a window - Cannot get update - Is proxy configured?

I ticked the box - Use custom proxy settings - nothing happened.

I then clicked 'configure' (in blue type)

I get a box asking...

Proxy Address
Port
User Name
Password

I don't know what to fill in on the above details?

So download will not complete.

The first time I used Eset I had no problems - and I got through to the part where you ticked the tasks required - and the scan ran - but as mentioned it seemed stuck at 22% scanned.

I was not asked for Proxy address etc first time I used it.

I must be doing something basically wrong - my apologies.

Please advise next steps.

Many thanks

Ronno21



#9 dc3


Posted 13 February 2016 - 09:01 AM

What browser are you using?




#10 peterracine

peterracine

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 13 February 2016 - 08:14 PM

Hello ronno21, if you have time and you want to run Farbar Recovery Scan Tool (FRST) and post the results, I would be happy to see if I can figure out what is going on with your computer. You can find it in Bleeping Computer's downloads page. I was also wondering if you are using Firefox for your browser. I came across another thread in which the user had issues with eset and they changed a Firefox proxy setting from use system proxy to no proxy and eset ran fine after that. Good luck.

#11 ronno21


Posted 14 February 2016 - 12:27 AM

Hi dc3,

Browser is Firefox

Hi Peterracine,

Thanks for advice - and alternative scan (FRST)

I will try to find proxy settings on Firefox and see if I can get Eset scan to run as requested by dc3 in first instance.

Thanks for both your inputs

ronno21



#12 dc3


Posted 14 February 2016 - 11:54 AM

Hello ronno21, if you have time and you want to run farbar recovery scan tool (FRST) 

FRST can not be run in the Am I Infected forum.  This can only be run in the Malware Removal Logs forum which is relegated to the members of the Malware Removal Team.

 

If you wish to read more about this you should read the Instructions for posting advice in the Am I Infected forum.




#13 ronno21

ronno21
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 14 February 2016 - 12:58 PM

Hi again,

 

I got the Eset scan to run - it is still scanning - 9 hrs + 57 Min

 

The problem was - that I had disabled Symantec Endpoint - and Windows Firewall - but I had overlooked to disable Malwares - which I had just downloaded earlier to run the scan - sorry - basic stuff but I am not good with computers.

 

Once Malwares was also disabled - the download started OK

 

The Eset scan has been running now for 10+ hours - and scanned 608,000+ files - and is still going.

   

However, the bar is showing scanned just 44% - and hasn't moved off that amount in about 4 hours - so I hope it is doing it correctly.

 

I will just let it run till it stops.

 

There are 2 threats showing - both are JS/Kryptik Ad Trojan   

 

I will post the scan log when it is completed - probably some time tomorrow.

 

Best regards

 

ronno21   



#14 InsufficientFunds

InsufficientFunds

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Location, Location.
  • Local time:04:15 AM

Posted 14 February 2016 - 01:18 PM

Hi ronno21,

 

I have looked over your logs you posted as scan results and it seems that you do have malware infections on your system.

 

After the ESET Online Scanner completes itself, please do make sure to remove all infected and found files. Once you have completed this, I highly advise you to post within the http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ and read all the pinned topics, here they can perform extra security measures to ensure your computer's infection free.

 

If the symptoms do not show any longer, slowness and advertising, I still advise you to post there. Why? The Kryptik trojan you have is usually bundled through other malware, which may return in the future if improperly handled.

 

If you have any questions or concerns, do reply back.


Edited by InsufficientFunds, 14 February 2016 - 01:20 PM.

HP Pavilion dv6t-7k Custom Windows 7 Professional x64 iPhone 6, iOS 9.2 (awaiting jailbreak) 

 

Cyber Security Instructor in Linux, Cisco Networking Academy and  Windows (XP thru 10, Servers)

 

I try to make my tomorrow better than yesterday.


#15 ronno21

ronno21
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 15 February 2016 - 04:23 PM

Hi DC3 (also InsufficientFunds)

 

Below is the log from the Eset scan.

 

I am not sure this scan completed successfully.

 

The scan ran for 20 hours 57 minutes - then I stopped it.

 

The scan bar stayed stuck on 44% scanned - it would not budge - and seemed to be in the same directory it was scanning

 

Scanned files showed 1,490,487 (I don't know if I have that many files - so I suspect it was stuck or looping - I have no idea).

 

Some forums I looked at on Eset talked about scans being 'long' at 3.5 hours - so I could not see the point of continuing at 20+ hours - stuck on 44%.

 

Here is the log - would appreciate advice as to what to do next - e.g. go to Virus forum as suggested by InsufficientFunds?

 

Many thanks

 

ronno21

 

C:\Users\RonCam\AppData\Local\Mozilla\Firefox\Profiles\ar01k5kc.default-1427748092068\cache2\entries\00FD7A5E0CAA740E5810A300282E631DF4048B5F    JS/Kryptik.AD trojan
C:\Users\RonCam\AppData\Local\Mozilla\Firefox\Profiles\ar01k5kc.default-1427748092068\cache2\entries\37051EE3EDA6DA0A1E5988CC85CCD45DE2449526    JS/Kryptik.AD trojan
 





