55555stitch55555

Members
  • Posts: 5
Everything posted by 55555stitch55555

  1. I appreciate the assistance. About when Malwarebytes crashes, it seems to crash right after you click on the "Update Now>>" button. It fades out and says Malwarebytes has stopped working then closes out.
  2. We did find some proxy settings and have removed them but still no luck... FRST.txt Addition.txt CheckResults.txt
  3. And... mbam-check result log version: 2.1.0.0002
  4. Sorry I took so long to reply. The computer we saw this on was no longer in our possession when I saw this reply. Here is the contents of the log file... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014
C:\Users\George\Downloads\Ninite 7Zip Firefox Malwarebytes NET Reader Installer.exe2014-07-01 15:32 - 2014-07-01 15:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-304265352-2529404635-3209431853-1000.job2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Browser Guardian2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\BenchUpdater2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Bench2014-07-01 15:32 - 2014-05-12 08:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-01 15:32 - 2014-05-12 08:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-01 15:32 - 2014-05-12 08:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-01 15:31 - 2014-07-01 15:31 - 00095512 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-01 15:30 - 2014-07-01 15:30 - 04979904 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-01 15:30 - 2014-07-01 15:30 - 00000356 _____ () C:\Windows\PFRO.log2014-07-01 15:30 - 2014-07-01 15:30 - 00000056 _____ () C:\Windows\setupact.log2014-07-01 15:30 - 2014-07-01 15:30 - 00000022 _____ () C:\Windows\S.dirmngr2014-07-01 15:30 - 2014-07-01 15:30 - 00000000 _____ () 
C:\Windows\setuperr.log2014-07-01 11:21 - 2014-07-01 11:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Hard Disk Sentinel2014-07-01 11:17 - 2014-07-01 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-07-01 11:17 - 2014-07-01 11:17 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\Program Files\CCleaner2014-07-01 11:16 - 2014-07-01 11:16 - 03736040 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup415_slim.exe2014-07-01 11:06 - 2014-07-01 11:06 - 00000000 ____D () C:\Program Files\SupraSavings2014-07-01 11:04 - 2014-07-01 11:05 - 00000000 ____D () C:\AdwCleaner2014-07-01 11:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-07-01 10:53 - 2014-07-01 10:53 - 00000000 ____D () C:\Windows\ERUNT2014-06-30 18:55 - 2014-06-30 18:55 - 00016384 _____ () C:\BCD_backup2014-06-30 18:55 - 2014-06-30 18:55 - 00013312 ___SH () C:\BCD_backup.LOG2014-06-30 18:53 - 2009-07-13 21:38 - 00383562 __RSH () C:\bootmgr2014-06-30 10:50 - 2014-06-30 10:50 - 00000000 ___HD () C:\ProgramData\Backup2014-06-26 15:27 - 2014-06-30 16:09 - 00000000 ____D () C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D452014-06-13 15:12 - 2014-06-17 07:50 - 00026624 _____ () C:\Users\George\Documents\Drawing1_recover.dwg2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Users\George\AppData\Roaming\QuickScan2014-06-10 08:46 - 2014-06-10 08:52 - 00000000 ____D () C:\ProgramData\SmartPCScan2014-06-10 08:29 - 2014-06-10 08:29 - 01831520 _____ (iyogi) C:\Users\George\Downloads\iyogi-scc-w0yc301gghghg758z1d1g65g6xwxygwexzg8jic40jc90.exe2014-06-10 08:28 - 2014-06-10 09:07 - 00000000 ____D () C:\Program Files (x86)\iYogi Support 
Dock2014-06-09 16:45 - 2014-06-10 09:15 - 00037376 _____ () C:\Windows\system32\mzusel.gey2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\Windows\Sun2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-06-05 12:32 - 2014-06-30 16:09 - 00000000 ____D () C:\Program Files\pcmax2014-06-05 12:32 - 2014-06-05 12:32 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg2014-06-05 12:31 - 2014-06-05 12:31 - 00509232 _____ (App.install) C:\Users\George\Downloads\Autodesk%20DWG%20Trueview.exe2014-06-05 12:28 - 2014-06-05 12:28 - 00311884 _____ () C:\Users\George\Downloads\X-PLANS.dwg2014-06-04 13:50 - 2014-06-30 19:28 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGeorge2014-06-04 13:50 - 2014-06-30 19:28 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGeorge.job2014-06-04 05:56 - 2014-06-04 05:56 - 00000218 _____ () C:\Users\George\AppData\Local\recently-used.xbel ==================== One Month Modified Files and Folders ======= 2014-07-01 15:47 - 2014-07-01 15:46 - 00017613 _____ () C:\Users\George\Desktop\FRST.txt2014-07-01 15:47 - 2014-07-01 15:32 - 00000003 _____ () C:\Users\George\AppData\Local\proxy.log2014-07-01 15:46 - 2014-07-01 15:46 - 02083328 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe2014-07-01 15:46 - 2014-07-01 15:46 - 00000000 ____D () C:\FRST2014-07-01 15:46 - 2011-08-26 15:03 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps2014-07-01 15:38 - 2014-07-01 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-07-01 15:38 - 2011-08-12 16:27 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk2014-07-01 15:38 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-01 15:38 - 2009-07-14 00:45 - 00015792 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-01 15:34 - 2010-12-27 16:18 - 01465952 _____ () C:\Windows\WindowsUpdate.log2014-07-01 15:33 - 2014-07-01 15:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-01 15:32 - 2014-07-01 15:32 - 00265752 _____ (Secure By Design Inc.) C:\Users\George\Downloads\Ninite 7Zip Firefox Malwarebytes NET Reader Installer.exe2014-07-01 15:32 - 2014-07-01 15:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-304265352-2529404635-3209431853-1000.job2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Browser Guardian2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\BenchUpdater2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Bench2014-07-01 15:32 - 2011-12-14 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip2014-07-01 15:32 - 2011-12-14 09:38 - 00000000 ____D () C:\Program Files (x86)\7-Zip2014-07-01 15:32 - 2011-08-12 13:41 - 00000000 ____D () C:\temp2014-07-01 15:31 - 2014-07-01 15:31 - 00095512 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-01 15:30 - 2014-07-01 15:30 - 04979904 _____ () 
C:\Windows\system32\FNTCACHE.DAT2014-07-01 15:30 - 2014-07-01 15:30 - 00000356 _____ () C:\Windows\PFRO.log2014-07-01 15:30 - 2014-07-01 15:30 - 00000056 _____ () C:\Windows\setupact.log2014-07-01 15:30 - 2014-07-01 15:30 - 00000022 _____ () C:\Windows\S.dirmngr2014-07-01 15:30 - 2014-07-01 15:30 - 00000000 _____ () C:\Windows\setuperr.log2014-07-01 15:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-07-01 15:17 - 2013-03-26 17:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-07-01 15:02 - 2013-09-04 08:03 - 00000000 ____D () C:\Windows\Minidump2014-07-01 15:02 - 2011-01-01 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\ExpressFiles2014-07-01 15:02 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther2014-07-01 14:32 - 2011-08-12 12:56 - 00000000 ____D () C:\Program Files (x86)\McAfee2014-07-01 11:21 - 2014-07-01 11:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Hard Disk Sentinel2014-07-01 11:21 - 2014-05-12 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-07-01 11:17 - 2014-07-01 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-07-01 11:17 - 2014-07-01 11:17 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\Program Files\CCleaner2014-07-01 11:16 - 2014-07-01 11:16 - 03736040 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup415_slim.exe2014-07-01 11:06 - 2014-07-01 11:06 - 00000000 ____D () C:\Program Files\SupraSavings2014-07-01 11:05 - 2014-07-01 11:04 - 00000000 ____D () C:\AdwCleaner2014-07-01 10:55 - 2009-07-14 01:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-01 10:53 - 2014-07-01 10:53 - 00000000 ____D () C:\Windows\ERUNT2014-07-01 10:14 - 2014-04-07 14:52 - 00000084 _____ () C:\Windows\system32\vtkycg.fno2014-07-01 10:10 - 
2010-12-27 16:29 - 00000000 ____D () C:\ProgramData\PDFC2014-07-01 02:00 - 2011-12-14 10:09 - 00000000 ____D () C:\Users\George\AppData\Local\Adobe2014-06-30 19:28 - 2014-06-04 13:50 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGeorge2014-06-30 19:28 - 2014-06-04 13:50 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGeorge.job2014-06-30 18:55 - 2014-06-30 18:55 - 00016384 _____ () C:\BCD_backup2014-06-30 18:55 - 2014-06-30 18:55 - 00013312 ___SH () C:\BCD_backup.LOG2014-06-30 18:45 - 2013-06-20 08:00 - 00000000 ____D () C:\ProgramData\Recovery2014-06-30 16:09 - 2014-06-26 15:27 - 00000000 ____D () C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D452014-06-30 16:09 - 2014-06-05 12:32 - 00000000 ____D () C:\Program Files\pcmax2014-06-30 16:09 - 2010-12-27 16:29 - 00000000 ____D () C:\ProgramData\RoxioNow2014-06-30 16:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration2014-06-30 14:57 - 2011-08-09 13:09 - 00000000 ____D () C:\Users\George2014-06-30 13:29 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV2014-06-30 10:50 - 2014-06-30 10:50 - 00000000 ___HD () C:\ProgramData\Backup2014-06-25 15:50 - 2011-08-09 14:11 - 00000000 ____D () C:\Users\George\Documents\elevator2014-06-25 15:40 - 2011-09-23 15:50 - 00014137 _____ () C:\Users\George\Documents\plot.log2014-06-25 13:27 - 2011-11-02 12:33 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-06-25 13:27 - 2011-08-10 17:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-06-19 12:00 - 2012-05-03 10:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-06-18 03:02 - 2013-08-14 16:39 - 00000000 ____D () C:\Windows\system32\MRT2014-06-18 03:00 - 2011-08-12 08:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-06-17 07:50 - 2014-06-13 15:12 - 00026624 _____ () C:\Users\George\Documents\Drawing1_recover.dwg2014-06-17 07:50 - 2011-09-06 08:34 - 00000383 _____ () 
C:\Users\George\Documents\acad.err2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys2014-06-10 09:15 - 2014-06-09 16:45 - 00037376 _____ () C:\Windows\system32\mzusel.gey2014-06-10 09:15 - 2014-04-07 14:42 - 00000105 _____ () C:\Windows\system32\pzlgy.dxi2014-06-10 09:07 - 2014-06-10 08:28 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock2014-06-10 08:52 - 2014-06-10 08:46 - 00000000 ____D () C:\ProgramData\SmartPCScan2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Users\George\AppData\Roaming\QuickScan2014-06-10 08:29 - 2014-06-10 08:29 - 01831520 _____ (iyogi) C:\Users\George\Downloads\iyogi-scc-w0yc301gghghg758z1d1g65g6xwxygwexzg8jic40jc90.exe2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\Windows\Sun2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-06-06 13:39 - 2013-03-26 17:02 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2014-06-06 13:39 - 2013-03-26 17:02 - 00000000 ____D () C:\ProgramData\McAfee Security Scan2014-06-05 12:32 - 2014-06-05 12:32 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg2014-06-05 12:31 - 2014-06-05 12:31 - 00509232 _____ (App.install) C:\Users\George\Downloads\Autodesk%20DWG%20Trueview.exe2014-06-05 12:28 - 2014-06-05 12:28 - 00311884 _____ () C:\Users\George\Downloads\X-PLANS.dwg2014-06-05 09:19 - 2011-10-13 03:19 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGEORGE-HP$2014-06-05 09:19 - 2011-10-13 03:19 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGEORGE-HP$.job2014-06-04 05:56 - 2014-06-04 05:56 - 00000218 _____ () C:\Users\George\AppData\Local\recently-used.xbel2014-06-04 05:56 - 2014-04-07 08:36 - 00000000 ____D () C:\Users\George\AppData\Local\gtk-2.02014-06-04 05:53 - 2014-04-07 08:24 - 00000000 
____D () C:\Users\George\AppData\Roaming\gnupg ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll[2009-07-13 20:00] - [2009-07-13 21:41] - 0518144 ____A (Microsoft Corporation) BD3275F3ED33E7E1A6C2319373EB3B5C ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-30 15:16 ==================== End Of Log ============================
  5. I am a computer tech in SW Florida, and another technician and I have run into the same problem. After installing and opening the latest version of Malwarebytes it tries to update and crashes saying "Malwarebytes has stopped working, Windows is searching for a solution...". Windows doesn't find anything and so it closes. We have tried many things including: running the latest mbam-clean.exe, manually removing leftover files from app data and program data, installing Windows updates, and running CCleaner after the removal, but nothing seems to work. Every time Malwarebytes is opened and tries to update it crashes. When checking the Event Viewer logs we found this error associated with the crash. Any other ideas? We like the program and would like to continue to use it in the future...