Downloaded a virus, now my computer has poor internet connection and runs slow.


14 replies to this topic

#1 rih23

rih23

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 08 June 2016 - 05:57 AM

Not long ago I downloaded a virus; it was an .exe file masked as a setup. At the start it installed YesSearches, and that's all I found. I downloaded Malwarebytes; it didn't find anything. I also tried SpyHunter 4; it showed 4000 infections by YesSearches. I couldn't remove them because SpyHunter isn't a free program.
About 4 days later, my PC now runs and starts up slowly. Also, when I try to use Google Chrome or Mozilla, the internet is very slow. When I go on the internet with my tablet, it works fine.
I am running Windows 7 Home Premium.
I have 8 GB of RAM.
I would like to know if I can remove this infection.

Edited by Queen-Evie, 08 June 2016 - 07:15 AM.
moved from Windows 7 to Am I Infected




#2 TinoNgombo

TinoNgombo

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Luanda, Angola
  • Local time:07:15 AM

Posted 08 June 2016 - 07:03 AM

Greetings.

Are there any restore points saved on your computer, in order to revert to a previous state, before the infection?



#3 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 08 June 2016 - 07:10 AM

Not really. I tried restoring to the 5th of June, which is the oldest one, but the problem started at the start of the summer.



#4 TinoNgombo

TinoNgombo

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Luanda, Angola
  • Local time:07:15 AM

Posted 08 June 2016 - 07:30 AM

OK. Try to use "AdwCleaner". It's malware removal software, and I believe it's also available for download here at Bleeping Computer.



#5 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 08 June 2016 - 07:46 AM

OK, I cleaned with AdwCleaner. Here is a log file of what it found and deleted.

 

# AdwCleaner v5.119 - Logfile created 08/06/2016 at 15:38:44
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Blekus - BLEKUS-PC
# Running from : C:\Users\Blekus\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Browser Updater Task(Core)
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [5911 bytes] - [27/05/2016 19:57:38]
C:\AdwCleaner\AdwCleaner[C2].txt - [1075 bytes] - [08/06/2016 15:38:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [6083 bytes] - [27/05/2016 19:55:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1187 bytes] - [08/06/2016 15:36:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1294 bytes] ##########
 


#6 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 08 June 2016 - 07:51 AM

I forgot to mention that Google asks me for a captcha. It's detecting unusual traffic.

 



#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,675 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:15 PM

Posted 08 June 2016 - 10:05 AM

Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
 
3)  Click on Settings, you will see an image like the one below.
 
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 

 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
3.  Click Start Scan and allow the scan process to run.
 
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
Post this in your topic.



Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run
till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need
to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 08 June 2016 - 10:08 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 13 June 2016 - 05:03 AM

Sorry for being late; I was away from home.

I lost my Malwarebytes log, but I remember it found 2 threats.

TDSSKiller didn't find anything.

 

And here's the ESET log:

C:\Users\Blekus\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_45525_Silence.exe.td a variant of Win32/Tencent.A potentially unwanted application cleaned by deleting
C:\Users\Blekus\AppData\Local\Temp\HYDF368.tmp.1462709200\HTA\install.1462709200.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted


#9 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 13 June 2016 - 05:08 AM

I think I found the log, but it's too long to post (the Malwarebytes log).



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,675 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:15 PM

Posted 13 June 2016 - 08:49 AM

In step 6 I requested that you post the Malwarebytes log in your topic.  I also directed you to download the mbam-check.exe to your desktop and then click on it to open the log.  Did you do this?

I have yet to see a Malwarebytes log too large to be posted here.  But I guess there is always a first time.  If this is the case you can break the log into two parts and post these separately.




#11 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 13 June 2016 - 09:10 AM

mbam-check result log version:     2.3.2.0
========================================
 
User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601 
Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/06/08
Malware Database:                  2016.06.13.01
Rootkit Database:                  2016.05.27.01
Remediation Database:              2016.05.25.01
IP Database:                       2016.06.12.02
Domain Database:                   2016.06.12.06
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/06/13 11:20:06
 
User Information for Local System:
===========================================
User Account: Administrator
Account Level: Admin
User Account: Blekus
Account Level: Admin
User Account: Guest
Account Level: Guest
User Account: HomeGroupUser$
Account Level: Guest
Total # of user entries: 4
 
UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD 0 Status: OFF
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD 0 Status: OFF
 
AntiVirus Information:
===================
AntiVirus Software Installed: "AVG Internet Security"
 
FireWall Information:
===================
NO 3rd Party Firewall Software Installed
 
AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "AVG Internet Security"
 
Machine Information
===============================================
Machine ID: fbac01e813bedab5b9466ded0ffe5f31b2d7932f
Installation Token: -kTEsaKbmUPKr3-Fw4L51464734378
System has been up for: 0.805278 Hours
System has been booted within the last hour
Current Date: 2016-Jun-13 08:20:08.497528
Date Booted: 2016-Jun-13 08:20:08.497528
 
Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware
 
Compatibility Flag Settings:
=================================
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size:     27008 BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb]
C:\Windows\system32\drivers\mwac.sys
File Size:     64896 BYTES FileVersion: 1.0.6.0 MD5: [452acb7a9914398d9e18cccffcf92208]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size:    192216 BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size:    140672 BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       false 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          true 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                5 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         88305 
    Duration_Driver:                                           10256 
    Duration_Filesystem:                                       223 
    Duration_Heuristics:                                       1056203 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 69 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          19664 
    Duration_Registry:                                         14621 
    Duration_Sector:                                           0 
    Duration_Startup:                                          10497 
    ItemCount_Complete:                                        234304 
    ItemCount_Driver:                                          -20202 
    ItemCount_Filesystem:                                      59981 
    ItemCount_Heuristics:                                      16239 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                2 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        546 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         1379 
    LastRemovalRequiredDOR:                                    false 
    LastScanDateEpoch:                                         1465805587224 
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  27 
Update: 
    LastUpdate:                                                2016-06-13T08:13:06 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
    CheckProgramUpdates:         true
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2016/06/14 22:39:39 
  Activation Time:                                             2016/06/01 01:39:37 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    2267facc-36fa-4955-92d1-0e0d49125fa4:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             false 
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        7e2afcaf-23a5-47f4-9537-45a353fa5d13:                   
          dateinterval:                                        0:0:0 (Days:Months:Years) 
          lastscheduled:                                       Mon, 13 Jun 2016 10:21:39.962167 +0300 
          lasttriggered:                                       Thu, 09 Jun 2016 13:28:07.011618 +0300 
          nextscheduled:                                       Mon, 13 Jun 2016 11:21:39.962167 +0300 
          recovery:                                            00:00:00 (Hours:Minutes:Seconds) 
          start:                                               Wed, 01 Jun 2016 02:21:39.962167 +0300 
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds) 
          type:                                                Hourly 
          uuid:                                                7e2afcaf-23a5-47f4-9537-45a353fa5d13 
      type:                                                    update 
      uuid:                                                    2267facc-36fa-4955-92d1-0e0d49125fa4 
    fbb9fca8-47a2-4aa8-972e-f9b587751a3b:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ProcessLaunchedFromScheduler:                          true 
        ScanConfig:                                             
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             Treat Detections as Malware 
          ScanPUP:                                             Treat Detections as Malware 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanSource:                                          1 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        ba8c454d-2475-43e9-844f-22759b024ca5:                   
          dateinterval:                                        1:0:0 (Days:Months:Years) 
          lastscheduled:                                       Mon, 13 Jun 2016 11:12:24.030107 +0300 
          lasttriggered:                                       Mon, 13 Jun 2016 11:12:24.030107 +0300 
          nextscheduled:                                       Tue, 14 Jun 2016 02:04:28 +0300 
          recovery:                                            23:00:00 (Hours:Minutes:Seconds) 
          start:                                               Thu, 02 Jun 2016 02:19:00 +0300 
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds) 
          type:                                                Daily 
          uuid:                                                ba8c454d-2475-43e9-844f-22759b024ca5 
      type:                                                    scan 
      uuid:                                                    fbb9fca8-47a2-4aa8-972e-f9b587751a3b

Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ H:mm:ss
REG_SZ
REG_SZ
REG_SZ
 
Language and Regional Settings:
===============================
 
ACP: 1257 Please refer to this link for details: Here 
MACCP: 10029 Please refer to this link for details: Here 
OEMCP: 775 Please refer to this link for details: Here 
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
 
 
List of MBAM Related Directories:
=================================
 
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.IFEO, Date: 2016/06/09 09:47:51, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TEAMVIEWER.EXE|Debugger
Vendor: PUP.Optional.IFEO, Date: 2016/06/09 09:47:51, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TEAMVIEWER.EXE|Debugger
Vendor: PUP.Optional.IFEO, Date: 2016/06/09 09:47:51, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TEAMVIEWER.EXE
Vendor: HackTool.Agent, Date: 2016/06/09 09:47:51, Type: File, Location: C:\$Recycle.Bin\S-1-5-21-2593232439-704201975-2027473013-1001\$RKNFQ6S.exe
Vendor: PUP.Optional.IFEO, Date: 2016/06/09 09:47:51, Type: Registry Key, Location: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TEAMVIEWER.EXE
===============================================================
END OF FILE
 
I couldn't post it, but now I can.


#12 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,675 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:15 PM

Posted 13 June 2016 - 10:15 AM

Did you restart the computer after Malwarebytes completed the scan?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#13 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:15 AM

Posted 13 June 2016 - 02:00 PM

Don't remember cause it was 5 days ago, but I stopped getting those captcha messages, for at least now I see. I will see if it happens again.


Edited by rih23, 13 June 2016 - 02:03 PM.


#14 rih23

rih23
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:15 AM

Posted 14 June 2016 - 02:02 AM

Google captcha appeared just now.



#15 HairyApricot

HairyApricot

  • Members
  • 197 posts
  • Local time:06:15 AM

Posted 14 June 2016 - 05:51 AM

I have gotten that captcha on my home PC once and several times on my work PC. It does in no way indicate malware, especially if there is no strange network activity turning up in resource monitor. Sometimes an extension causes it, sometimes having cookies or javascript disabled, or hitting the same site too many times. Sometimes it's just random.





