
MALWARE NIGHTMARE!


4 replies to this topic

#1 adamdenne


Posted 18 June 2016 - 09:56 PM

Hey guys,
 
I am new to the forum but have been creeping around looking for help for a few days now. I had my business/personal laptop that I used as a download pig/media center server taken over by malware. I got a bad file that continuously installed programs such as toolbars and pointless applications to the point that it would lock up my i7 processor and cause the computer to overheat and crash. I was able to create a bootable flash drive of Avira to stop it from installing but now have major issues.
 
Current problems:
 
Windows Genuine Advantage (Shows not genuine copy)
Very slow boot up (even after removing much of the software through the Control Panel then clearing msconfig of all bloat) [Once booted and Windows loads desktop and all startup programs, runs normal speed]
Can't connect to the internet (Continuously tries to identify connection [wireless] or when hooked up LAN doesn't recognize a connection at all.)
dnsapi.dll, netiohlp.dll, nshipsec.dll - missing (along with other .dll's for winsock reset) [winsockfix.bat didn't work either]
 
Have run CCleaner, Malwarebytes, Spybot S&D, SUPERAntiSpyware, Microsoft Security Essentials, AdwCleaner, and Kingsoft Antivirus. (All have come up with problems and supposedly fixed them)
 
I have run out of ideas and need some serious help!

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Edit: Thank you Animal for relocating for best help - Adamdenne


Edited by adamdenne, 18 June 2016 - 10:08 PM.



 


#2 dc3


Posted 19 June 2016 - 09:53 AM

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
mbam1_zps98e7fba9.png
 
3)  Click on Settings, you will see an image like the one below.
 
malware%20settings_zpsixkea5sd.png
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If no malicious programs are found you will receive the following message.
 
adwcleaner%20111_zpsiduqrrrp.png
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.



Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 19 June 2016 - 09:53 AM.


 

 

 

 


#3 adamdenne


Posted 19 June 2016 - 11:22 AM

dc3 - I don't know if you posted this as a standard reply or if you just didn't read my post at all. I have already run these with the exception of ESET. I am currently unable to connect to my network. I am going to manually update mbam with the latest definitions. I will redo all these steps you have outlined here and post the log files.


Edited by adamdenne, 19 June 2016 - 01:08 PM.


#4 adamdenne


Posted 19 June 2016 - 12:45 PM

mbam-check result log version:     2.3.2.0
========================================
 
User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601 
Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/06/18
Malware Database:                  2016.06.16.03
Rootkit Database:                  2016.05.27.01
Remediation Database:              2016.06.16.01
IP Database:                       2016.06.16.04
Domain Database:                   2016.06.16.07
License:                           Free
Malware Protection:                1 (The service is not running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/06/19 12:34:30
 
User Information for Local System:
===========================================
User Account: Administrator
Account Level: Admin
User Account: DENNE
Account Level: Admin
User Account: Guest
Account Level: Guest
User Account: HomeGroupUser$
Account Level: Guest
Total # of user entries: 4
 
UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD 1 Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD 5 Status: ON
 
AntiVirus Information:
===================
AntiVirus Software Installed: "Microsoft Security Essentials"
AntiVirus Software Installed: "Kingsoft AntiVirus Auto-Protect"
 
FireWall Information:
===================
NO 3rd Party Firewall Software Installed
 
AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "Spybot - Search and Destroy"
AntiSpyware Software Installed: "Microsoft Security Essentials"
 
Machine Information
===============================================
Machine ID: d98c28b62df822774a82f6cea0e29afb03ecfbc8
Installation Token: WrYF5XZPC12pKvJzdT99
System has been up for: 0.0519444 Hours
System has been booted within the last hour
Current Date: 2016-Jun-19 17:34:33.247928
Date Booted: 2016-Jun-19 17:34:33.247928
 
Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    true
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware
 
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files (x86)\VAP11G_SETUP\VAP11G_Setup.exeREG_SZ WINXPSP2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Malwarebytes Anti-Malware (cleanup)REG_SZ "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 27008     BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb]
C:\Windows\system32\drivers\mwac.sys
File Size: 64896     BYTES FileVersion: 1.0.6.0 MD5: [452acb7a9914398d9e18cccffcf92208]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 119000    BYTES FileVersion: 0.1.3.0 MD5: [b429327b1ccd987efd87fa603870827d]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 140672    BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1084
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1084
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ErrorControl                  REG_DWORD 1
Start                         REG_DWORD 2
Type                          REG_DWORD 32
DependOnService               REG_MULTI_SZ RpcSs
 
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Security
Security                      REG_BINARY Binary Data
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\comctl32.ocx
File Size: 608448    BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1066176   BYTES FileVersion: 6.0.88.62 MD5: [714cf24fc19a20ae0dc701b48ded2cf6]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    SelfProtection:                                            false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          true 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                3 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         433079 
    Duration_Driver:                                           17258 
    Duration_Filesystem:                                       44 
    Duration_Heuristics:                                       1357768 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 238 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          14764 
    Duration_Registry:                                         25434 
    Duration_Sector:                                           0 
    Duration_Startup:                                          10193 
    ItemCount_Complete:                                        241353 
    ItemCount_Driver:                                          369 
    ItemCount_Filesystem:                                      49587 
    ItemCount_Heuristics:                                      23659 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                6 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        707 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         225 
    LastRemovalRequiredDOR:                                    true 
    LastScanDateEpoch:                                         1466355197005 
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  65 
Update: 
    LastUpdate:                                                2015-09-01T22:47:33 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
    CheckProgramUpdates:         true
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                             2015/09/01 20:10:05 
  Activation Time:                                             2015/08/18 15:10:06 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    036fa026-e930-4f97-84df-fa399ee1dabd:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             false 
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        80b90336-00d5-4b4f-ab23-bd19c45ebaf4:                   
          dateinterval:                                        0:0:0 (Days:Months:Years) 
          lastscheduled:                                       Sun, 19 Jun 2016 11:46:04.460414 -0500 
          lasttriggered:                                       Tue, 01 Sep 2015 17:47:06.527552 -0500 
          nextscheduled:                                       Sun, 19 Jun 2016 12:46:04.460414 -0500 
          recovery:                                            00:00:00 (Hours:Minutes:Seconds) 
          start:                                               Tue, 18 Aug 2015 15:46:04.460414 -0500 
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds) 
          type:                                                Hourly 
          uuid:                                                80b90336-00d5-4b4f-ab23-bd19c45ebaf4 
      type:                                                    update 
      uuid:                                                    036fa026-e930-4f97-84df-fa399ee1dabd 
    5ceab2d8-49cd-427d-9790-594bf9d22072:                       
      parameters:                                               
        AutoDelete:                                            false 
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          Quarantine:                                          Prompt 
          RebootSystemWhenMalwareDetected:                     false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             Treat Detections as Malware 
          ScanPUP:                                             Warn User About Detections 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanSource:                                          1 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        45d30f0b-ee57-460c-844d-6a852ac3d0c5:                   
          dateinterval:                                        1:0:0 (Days:Months:Years) 
          lastscheduled:                                       Sun, 19 Jun 2016 03:07:59 -0500 
          lasttriggered:                                       Tue, 01 Sep 2015 03:08:46.029388 -0500 
          nextscheduled:                                       Mon, 20 Jun 2016 03:07:59 -0500 
          recovery:                                            23:00:00 (Hours:Minutes:Seconds) 
          start:                                               Wed, 19 Aug 2015 03:07:59 -0500 
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds) 
          type:                                                Daily 
          uuid:                                                45d30f0b-ee57-460c-844d-6a852ac3d0c5 
      type:                                                    scan 
      uuid:                                                    5ceab2d8-49cd-427d-9790-594bf9d22072 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_SZ mbampt.exe
ProductPath                   REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
0                             REG_SZ Root\LEGACY_MBAMPROTECTOR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security
Security                      REG_BINARY Binary Data
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1084
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 2 (Automatic Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
3469657952.data                         File Size: 707       BYTES FileVersion:  N/A            MD5: [21e6f2483518ff02535fe44a6f3cf237]
3519990163.data                         File Size: 730       BYTES FileVersion:  N/A            MD5: [ecd02e7cbd944bfd99ddc329655261ce]
3519990163.quar                         File Size: 356       BYTES FileVersion:  N/A            MD5: [9a77bf24e294fbc42d25a828e14e20c4]
3663928983.data                         File Size: 730       BYTES FileVersion:  N/A            MD5: [d9f1a9b05688b30a9ad90f8c4e7b2078]
3663928983.quar                         File Size: 356       BYTES FileVersion:  N/A            MD5: [4ee36f6b6ffb468235d3a505ca5b0c49]
3765156811.data                         File Size: 744       BYTES FileVersion:  N/A            MD5: [11f22a050874364df58a77ba0d2aefb0]
3765156811.quar                         File Size: 860       BYTES FileVersion:  N/A            MD5: [1681021a8e7354a3346f649ccaf0fa84]
3766340784.data                         File Size: 703       BYTES FileVersion:  N/A            MD5: [4ab6f63ad6eb9ea1c51d62d6e0c546f7]
3766340784.quar                         File Size: 826       BYTES FileVersion:  N/A            MD5: [dbd68171ff106ad8db0c3316098cdd20]
4278294132.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [d0728dfee5ab5c4c3565d3bce7895b28]
4278294132.quar                         File Size: 48744     BYTES FileVersion:  N/A            MD5: [7b11353ad57a0e5a376b73ebb46d100e]
4388728322.data                         File Size: 753       BYTES FileVersion:  N/A            MD5: [e44fee10807f44ce1d6472c9bb60b02e]
4388728322.quar                         File Size: 1166      BYTES FileVersion:  N/A            MD5: [23fe839bc903e4b4771975ae453cb2c3]
4531757881.data                         File Size: 695       BYTES FileVersion:  N/A            MD5: [6c30b2f94fa7f8370f42447f0dfb12fe]
4531757881.quar                         File Size: 61344     BYTES FileVersion:  N/A            MD5: [eaeae8f1c043713953df244405096a67]
4643726358.data                         File Size: 742       BYTES FileVersion:  N/A            MD5: [b3b3d5914897b62ad34af0ae30bf5ac9]
4643726358.quar                         File Size: 1960      BYTES FileVersion:  N/A            MD5: [e4b66cee949b3d33561a894e82e7f067]
5030303820.data                         File Size: 829       BYTES FileVersion:  N/A            MD5: [b42750ff2f4f4ad2cb8d664d1431d0a2]
5136241078.data                         File Size: 741       BYTES FileVersion:  N/A            MD5: [818494a6cf3741c6dd5cba208ad2aecf]
5211355991.data                         File Size: 731       BYTES FileVersion:  N/A            MD5: [136b51b36171f2b5cea0a70a426b1acc]
5211355991.quar                         File Size: 280       BYTES FileVersion:  N/A            MD5: [9f38f80f94fe5d84b1adbb1d64d8390c]
5256048047.data                         File Size: 730       BYTES FileVersion:  N/A            MD5: [eab1d727e181d620f3596967486f589c]
5256048047.quar                         File Size: 356       BYTES FileVersion:  N/A            MD5: [c2602ad2fbc2897e8d47772bc2cb913c]
5281671736.data                         File Size: 724       BYTES FileVersion:  N/A            MD5: [9650edc12c6854c1af61e573896d0b5f]
5281671736.quar                         File Size: 306       BYTES FileVersion:  N/A            MD5: [b813b83c58763b4de66a415a64fb32fe]
5441765012.data                         File Size: 707       BYTES FileVersion:  N/A            MD5: [59848f2e69455a21f0cec1c0ee0982d5]
5441765012.quar                         File Size: 832       BYTES FileVersion:  N/A            MD5: [d6cbf5cdb280e862eb0ebeece549680f]
5561435801.data                         File Size: 790       BYTES FileVersion:  N/A            MD5: [fc69a974f30c4852b4b3678b7db699b9]
5571538821.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [7bdf752ffbaeb0f1141a18dcb618a3e3]
5571538821.quar                         File Size: 48744     BYTES FileVersion:  N/A            MD5: [c4e2d0c89627523757a26bac2959b796]
5599523415.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [091e0ef156dc450fda2f53f046652a8b]
5599523415.quar                         File Size: 276       BYTES FileVersion:  N/A            MD5: [2092cf797b49e5728f3597a5c9e5109c]
5608572031.data                         File Size: 704       BYTES FileVersion:  N/A            MD5: [5e2e138a5a7e9b59142e0fd188611949]
5608572031.quar                         File Size: 1616      BYTES FileVersion:  N/A            MD5: [c2ad5179945dca0b70925760d3ed4662]
5702810573.data                         File Size: 752       BYTES FileVersion:  N/A            MD5: [4184eaeac48c88ebc8428ea70b6a824e]
5702810573.quar                         File Size: 928880    BYTES FileVersion:  N/A            MD5: [673aa16633a59fe729f59f4b4d38c41d]
5782583212.data                         File Size: 729       BYTES FileVersion:  N/A            MD5: [e31edae3b2951303b976ec1f056d59ac]
6040081200.data                         File Size: 707       BYTES FileVersion:  N/A            MD5: [74c8c362e271d26261b89f560e67f755]
6040081200.quar                         File Size: 832       BYTES FileVersion:  N/A            MD5: [1bcfc6a1883ca04ee0fc1e8288abbbb3]
6072038220.data                         File Size: 807       BYTES FileVersion:  N/A            MD5: [d040f39a17669c106a648fdc56af6afe]
6072038220.quar                         File Size: 748       BYTES FileVersion:  N/A            MD5: [f92e0a0b17cdd19bb96adac31f03949d]
6122557052.quar                         File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
6160086499.data                         File Size: 742       BYTES FileVersion:  N/A            MD5: [8874faf9a6e97c8ee9b3a31bed97d9a9]
6160086499.quar                         File Size: 1960      BYTES FileVersion:  N/A            MD5: [ac3fe476929a7302d2dfcaeaf8301df7]
6466132225.data                         File Size: 752       BYTES FileVersion:  N/A            MD5: [1acfdd0eaf57124a6cb133dc6a519529]
6466132225.quar                         File Size: 928880    BYTES FileVersion:  N/A            MD5: [673aa16633a59fe729f59f4b4d38c41d]
6668067501.data                         File Size: 742       BYTES FileVersion:  N/A            MD5: [12caca3fe4ef5488d49718dd59b47d5f]
6668067501.quar                         File Size: 1960      BYTES FileVersion:  N/A            MD5: [db95da70d8a40a290f117e956217b248]
6841703598.data                         File Size: 724       BYTES FileVersion:  N/A            MD5: [4b229717eebafcdc244206207b2fb142]
6841703598.quar                         File Size: 1693024   BYTES FileVersion:  N/A            MD5: [910b5153c78aafb91b814b2b0d02207e]
6863259237.data                         File Size: 686       BYTES FileVersion:  N/A            MD5: [d8e1d60c767b6138c4630e415d30686b]
6863259237.quar                         File Size: 596       BYTES FileVersion:  N/A            MD5: [22e59f8776a5847352b5313ee5693f61]
7161363449.quar                         File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
7238363632.data                         File Size: 851       BYTES FileVersion:  N/A            MD5: [4f2a4e5aed85fb072826443796076f15]
7238363632.quar                         File Size: 2100      BYTES FileVersion:  N/A            MD5: [1d32a84451bd2be25e5c6f6e4b8167b5]
7530814153.data                         File Size: 846       BYTES FileVersion:  N/A            MD5: [9a2ac23e9d8de0457a488467ab1c8294]
7530814153.quar                         File Size: 937       BYTES FileVersion:  N/A            MD5: [b8f247f6e5c0cf9160297c28614f53b3]
7714390150.data                         File Size: 867       BYTES FileVersion:  N/A            MD5: [ebb3da3c037187d7cbc43a03806a35a9]
7764402353.data                         File Size: 705       BYTES FileVersion:  N/A            MD5: [14b0728197e60996aa59bf91ebb4955e]
7982824848.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [bb87b43b3cdde63ed3eac7baa42cb2e6]
7982824848.quar                         File Size: 48744     BYTES FileVersion:  N/A            MD5: [4abd4de708f1b5376350881c26188f32]
8115033315.data                         File Size: 732       BYTES FileVersion:  N/A            MD5: [75b72737c1015a86210443db372d0c88]
8115033315.quar                         File Size: 274       BYTES FileVersion:  N/A            MD5: [5ecb239e7b83b2ea9b0b223f098b8ebb]
8174522910.data                         File Size: 706       BYTES FileVersion:  N/A            MD5: [be1ad93e2416d9bfcfc3286c4c3314e1]
8617484575.data                         File Size: 728       BYTES FileVersion:  N/A            MD5: [a6a083a2bae7facc7e389f841b7c6427]
8617484575.quar                         File Size: 276       BYTES FileVersion:  N/A            MD5: [2092cf797b49e5728f3597a5c9e5109c]
8720802495.data                         File Size: 1025      BYTES FileVersion:  N/A            MD5: [d501e7c01b5540c8cf7bcc236b25eccd]
8748730411.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [3cd0504a8b5aef4767a24bcc00545cf0]
8748730411.quar                         File Size: 48744     BYTES FileVersion:  N/A            MD5: [cc5f5cfcfbe491da8e9b531f811fc9b0]
8758934706.data                         File Size: 893       BYTES FileVersion:  N/A            MD5: [57995a0a70d497a87e6a42c2f7517a7b]
8793899550.data                         File Size: 732       BYTES FileVersion:  N/A            MD5: [8c181c30e5e1bd017b11cf3ddf6d4a3a]
8793899550.quar                         File Size: 280       BYTES FileVersion:  N/A            MD5: [25a71d1e0b8db3b2290be31956ad82d0]
9402827692.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [65cb8c6ca703674dee6ffeb0049b6938]
9402827692.quar                         File Size: 48744     BYTES FileVersion:  N/A            MD5: [feb71d707ed1f169f6925d558923543e]
9557021218.data                         File Size: 765       BYTES FileVersion:  N/A            MD5: [a995e8cf2cf94e100ca81bea2269e47e]
9557021218.quar                         File Size: 1166      BYTES FileVersion:  N/A            MD5: [bdc2b0f68316a2603c900e15f651308e]
9675908435.data                         File Size: 709       BYTES FileVersion:  N/A            MD5: [6901c2670546f4892dc831d51fda3c45]
9680366477.data                         File Size: 835       BYTES FileVersion:  N/A            MD5: [e8b331a51ec7ec235501ef9628a87a56]
9680366477.quar                         File Size: 27815     BYTES FileVersion:  N/A            MD5: [c5f7fc3c1d5699b33488e80e4e3c2ede]
9696079374.data                         File Size: 735       BYTES FileVersion:  N/A            MD5: [abac44ef25f4cecece3ff2206e1c96f1]
9696079374.quar                         File Size: 48744     BYTES FileVersion:  N/A            MD5: [354733581f06fb605489606b56d7389f]
9790024742.data                         File Size: 753       BYTES FileVersion:  N/A            MD5: [028a45881e63c2ba6300385331396104]
9790024742.quar                         File Size: 45        BYTES FileVersion:  N/A            MD5: [6994acda9b9afbbc5fd836bdea048240]
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{D650069B-3B59-428C-86EC-EA20DC9F6FAD}
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f958abdb-efb6-4ba4-a88c-c3a7c4b7db85}Gw64
Vendor: PUP.Optional.SimpleMediaPlayer, Date: 2016/06/18 23:48:17, Type: File, Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player\Uninstall.lnk
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{ec939cc5-4795-452a-be8a-038ce48176ea}Gw64
Vendor: PUP.Optional.uTorrentTB.A, Date: 2015/08/19 20:45:13, Type: File, Location: C:\Users\DENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\Search\NewTabPages\API\MostVisited.js
Vendor: PUP.Optional.Yontoo, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update Oasis Space
Vendor: PUP.Optional.PennyBee, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Program Files\shopperz211120152144\unins000.exe
Vendor: PUP.Optional.SpaceSoundPro, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\zz.9413.sp|DisplayName
Vendor: PUP.Optional.ConsumerInput, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\CITADEX|
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\cherimoya.sys
Vendor: PUP.Optional.uTorrentTB.A, Date: 2015/08/19 20:44:26, Type: File, Location: C:\Users\DENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\js\communicator.back.js
Vendor: PUP.Optional.Spigot.SID, Date: 2015/08/20 08:17:17, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Settings Manager\SettingsManager.exe
Vendor: PUP.Optional.Spigot.SID, Date: 2015/08/23 00:50:55, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Settings Manager\SettingsManager.exe
Vendor: PUP.Optional.Yontoo, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util Oasis Space
Vendor: Rootkit.Komodia.PUA, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\bsdriver.sys
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6a8dc96b-863b-45c3-bd7e-f21a476ac24d}Gw64
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}
Vendor: PUP.Optional.Managera, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\Users\DENNE\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42
Vendor: PUP.Optional.Spigot.SID, Date: 2015/08/19 16:43:32, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Settings Manager\SettingsManager.exe
Vendor: PUP.Optional.CrossAd, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Users\DENNE\AppData\Local\Extension Car\zBin\extensioncar.dll.vir
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-19\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}|Name
Vendor: PUP.Optional.PCAcceleratePro, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\APTAB|hb
Vendor: PUP.Optional.GetSavin, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\APPDATALOW\SOFTWARE\GetSavin
Vendor: PUP.Optional.Tuto4PC, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|oasi_en_320010107
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-20\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}|Name
Vendor: PUP.Optional.Spigot.SID, Date: 2015/08/25 02:49:12, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Settings Manager\SettingsManager.exe
Vendor: PUP.Optional.uTorrentTB.A, Date: 2015/08/19 20:46:00, Type: File, Location: C:\Users\DENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\Search\NewTabPages\img\favicon.ico
Vendor: PUP.Optional.VBates, Date: 2016/06/19 16:53:16, Type: Registry Value, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000_Classes\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}|Name
Vendor: PUP.Optional.VBates, Date: 2016/06/19 16:53:16, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000_Classes\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\Program Files\shopperz211120152144
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-18\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-20\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}
Vendor: PUP.Optional.SpaceSoundPro, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZZ.9413.SP
Vendor: PUP.Optional.SolidSavings, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\Solid Savings
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\{ec939cc5-4795-452a-be8a-038ce48176ea}Gw64.sys
Vendor: PUP.Optional.SimpleMediaPlayer, Date: 2016/06/18 23:48:17, Type: File, Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player\Website.lnk
Vendor: Rootkit.Agent.A, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\cherimoya.sys
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3017beda-3a20-4072-bf32-afc5993ff422}Gw64
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-18\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}|Name
Vendor: PUP.Optional.SimpleMediaPlayer, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
Vendor: PUP.Optional.InstantSupport, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\ISTab
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-19\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}
Vendor: PUP.Optional.VBates, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\CLSID\{08ACFB57-8187-47f0-AF93-56360D03634A}
Vendor: PUP.Optional.DeskBar, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32
Vendor: PUP.Optional.GamesDesktop, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_005010153
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\{3017beda-3a20-4072-bf32-afc5993ff422}Gw64.sys
Vendor: PUP.Optional.VBates, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Users\DENNE\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt
Vendor: PUP.Optional.HijackHosts.Gen, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\ciff\acen\oku.dat
Vendor: PUP.Optional.Spigot.SID, Date: 2015/08/19 15:00:26, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Settings Manager\SettingsManager.exe
Vendor: PUP.Optional.ExTutil, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\Users\DENNE\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B
Vendor: PUP.Optional.DeskBar, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS
Vendor: PUP.Optional.FeedNotifier, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\462AF913_0
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{4570eb54-29c2-4259-9afb-c7566ebd0b63}Gw64
Vendor: PUP.Optional.Spigot.SID, Date: 2015/08/25 16:51:31, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Settings Manager\SettingsManager.exe
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{eeea1470-a34b-421d-8578-085229e78f50}Gw64
Vendor: PUP.Optional.OpenCandy, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Users\DENNE\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe
Vendor: PUP.Optional.TaskRNDM, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\SysWOW64\sc.bat
Vendor: PUP.Optional.uTorrentTB.A, Date: 2015/08/19 20:43:39, Type: File, Location: C:\Users\DENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\Search\NewTabPages\html\NewTabBackground.html
Vendor: PUP.Optional.uTorrentTB.A, Date: 2015/08/19 20:47:36, Type: File, Location: C:\Users\DENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\tb\al\wa\APPLICATION_BUTTON\Js\bgpage.js
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\{3BC88568-686C-4A8B-89CA-C2E45582B790}|Name
Vendor: PUP.Optional.VBates, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\Users\DENNE\AppData\LocalLow\Company\Product
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\{6a8dc96b-863b-45c3-bd7e-f21a476ac24d}Gw64.sys
Vendor: PUP.Optional.ConsumerInput, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\CITADEX
Vendor: PUP.Optional.SolidSavings, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\Users\DENNE\AppData\Local\Solid Savings
Vendor: PUP.Optional.VBates, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Users\DENNE\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt
Vendor: PUP.Optional.FeedNotifier, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\462af913_0|
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\{eeea1470-a34b-421d-8578-085229e78f50}Gw64.sys
Vendor: PUP.Optional.Shopperz.BrwsrFlsh, Date: 2016/06/18 23:48:17, Type: Registry Value, Location: HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{D650069B-3B59-428C-86EC-EA20DC9F6FAD}
Vendor: PUP.Optional.PCAcceleratePro, Date: 2016/06/18 23:48:17, Type: Registry Key, Location: HKU\S-1-5-21-2677709072-2034913955-4064115373-1000\SOFTWARE\APTAB
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\{f958abdb-efb6-4ba4-a88c-c3a7c4b7db85}Gw64.sys
Vendor: PUP.Optional.SimpleMediaPlayer, Date: 2016/06/18 23:48:17, Type: File, Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player\Simple Media Player.lnk
Vendor: PUP.Optional.VBates, Date: 2016/06/18 23:48:17, Type: Folder, Location: C:\Users\DENNE\AppData\LocalLow\Company\Product\1.0
Vendor: PUP.Optional.uTorrentTB.A, Date: 2015/08/19 20:46:48, Type: File, Location: C:\Users\DENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.31.4.510_0\tb\al\wa\WEATHER\js\gadget.js
Vendor: PUP.Optional.BrowseFox, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Windows\System32\drivers\{4570eb54-29c2-4259-9afb-c7566ebd0b63}Gw64.sys
Vendor: PUM.Optional.FireFoxSearchOverride, Date: 2016/06/18 23:48:17, Type: File, Location: C:\Users\DENNE\AppData\Roaming\Mozilla\Firefox\Profiles\36bv88m1.default\user.js
===============================================================
END OF FILE
 
# AdwCleaner v5.200 - Logfile created 19/06/2016 at 12:36:19
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-14.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : DENNE - DENNE-HP
# Running from : J:\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
!! File Missing : C:\Windows\System32\dnsapi.dll !!
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [15517 bytes] - [18/06/2016 18:21:55]
C:\AdwCleaner\AdwCleaner[C2].txt - [1168 bytes] - [19/06/2016 11:34:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [18255 bytes] - [18/06/2016 18:20:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [997 bytes] - [19/06/2016 11:31:06]
C:\AdwCleaner\AdwCleaner[S3].txt - [966 bytes] - [19/06/2016 12:36:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1038 bytes] ##########
 


#5 dc3

Posted 25 June 2016 - 11:00 AM

What about the ESET Online scanner?

 

I hope you restarted the computer after running Malwarebytes; this is required to remove the item found.

 

 
 

 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed, click Quarantine selected objects. Note: This option is only available if malicious objects were detected during the scan. If this is the case select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

  • Edited by dc3, 25 June 2016 - 11:01 AM.

    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     




