Updated Malware bytes to the newer version-suddenly blue screen crashes and slow run time. Any Help?

[computerconfusion]

Hi all,

 I've been using Malware bytes as my primary source of anti-malware/ anti-virus other than Windows security essentials for several years. My initial problems started when I was attempting to update Malware bytes since I hadn't scanned in a few weeks. Upon initial attempt malware bytes froze and closed itself, I attempted to update multiple times to no avail. At this point I attempted to run the MBAM chameleon as I had been instructed in the past when I had a potential rootkit virus that wouldn't allow me to open MBAM at all. A great guy from this forum helped me through all those issues about a year ago, and the system has been running fine since then, up until about two weeks ago. Originally the issue appeared to me that it may have been a space issue on my hard disk causing lag and slow boot time, however then when MBAM would not update I ran the chameleon which did allow the program to take over- open and update; however, now I'm receiving blue screen crashes about once a day. Only happened once while I was attempting to navigate the system. The computer seems to operate "okay" as far as simple docs, surfing the web and other simple tasks without any real issues or lag, the main times there appears to be issues is when the computer is left open to run a deep scan, say overnight. Each morning the computer is frozen in a sleep state, having to shutdown by power button, then try to reopen normally in order to find the issue. Mini dump logs have been located but I was unable to open them(?) for whatever reason. I don't know a whole lot about IT but through the help of this website and forum and my little understanding I have been able to "service" my system for the most part in the past. At this point I feel sort of lost as to what to do but was hoping, in reading some other posts that maybe my issue lies in the malwarebytes updated version. I understand the great effort you all take to insure proper explanations and debugging operations. I would be most greatful to receive some one on one help, in hopes to get my system back in shape. From the information I read, I was unable to understand which three scans and logs I needed to upload initially.

 

Thanks in advance for all the moderators hard work on this site and forum!!

FRST.txt

Addition.txt

[gringo_pr]

Hello

I am very sorry for the delay in coming to reply to you but I would like to know at this time if you still need help with this?

Gringo

[gringo_pr]

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

[computerconfusion]

Hi gringo, thanks for the reply I'm away from home until the 17th at which time i would greatly appreciate your help. This has been an intermit issue, from what i gather,.is likely related to a driver? At any rate, i would be so thankful to be able to have you look at it when i get home. Thanks!

[gringo_pr]

No problem and I will check again with you later

gringo

[computerconfusion]

Thank you

[gringo_pr]

No problem

gringo

[gringo_pr]

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

[gringo_pr]

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

[gringo_pr]

Hello computerconfusion

Lets start by getting a new report from frst

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

[computerconfusion]

Hi Gringo, I ran the Frst scan, as far as I can tell It only produced one log which was the frst,txt but not the attachment, Just as the scan finished the computer blue screened however, so I'm not sure if that interfered. Here is the log it produced

FRST.txt

[gringo_pr]

Hello computerconfusion

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

[computerconfusion]

Hi Gringo, System seems to be running fine, as to say- there have been no blue screens since yesterday.. and it booted a little faster than normal; however, typically I receive the blue screen when the computer is in use for longer periods or during actions like defrag or deep scan. Here are the logs from the above actions.

JRT.txt

AdwCleanerS1.txt

[gringo_pr]

Hello computerconfusion

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

• Link 1

  Link 2

  Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
• Log from Combofix
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

[computerconfusion]

Hi Gringo,

 I've been having very few issues, I did have one instance of a minor freeze of the chrome browser and then I was prompted by task manager to end task. I was able to reopen the browser and it recovered pages; I was able to surf normally at that point. I haven't had any other issues and scans seem to be running in good time and did not reboot during scan process. I did wonder should I turn my security defender and firewall back on at this point?  The log is attached below. Thanks for all the support, thus far.

ComboFix.txt

[gringo_pr]

Hello computerconfusion

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

[computerconfusion]

Hi Gringo,

 

When I opened the computer this morning from "sleep" mode it was just a black screen- ive had this happen in the past as if it froze in the sleep state- when I rebooted it said it had restarted to complete windows updates, I'm assuming it didn't reboot correctly causing the black screen other than that I've had no real issues other than some lag in browser while on heavily trafficked sites.

 

Also I wondered,

+there are two programs in my program panel which are related to coupons which my mom downloaded at some point, we've since discussed appropriate sites and have an understanding- however I can't seem to remove these programs by means of uninstall one says the path to uninstall cannot be recognized, the other gives no option to "change, move or uninstall" like programs usually do.

 

+Should windows defender be working or is Windows security essentials the "new" windows defender?

 

+ is malwarebytes an appropriate anti-virus by itself or should I be using something in addition?

 

+should I resume windows defender and my firewall at this point?

 

The CFscript seemed to run fine in combo fix and I've had no other issues. Log is attached. 

 

Thanks again for all your help!

log.txt

[gringo_pr]

Hello

Windows security essentials the "new" windows defender? - MSE will turn off windows defender as it is built into it

+ is malwarebytes an appropriate anti-virus by itself or should I be using something in addition? - it needs an antivirus it is not an antivirus but an antimalware

+should I resume windows defender and my firewall at this point? - yes that is fine

I would like to see a report that combofix makes.

extra combofix report

• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
• please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

• click ok

copy and paste the report into this topic for me to review

Gringo

[gringo_pr]

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

[computerconfusion]

Hi gringo, I was finally able to log onto the forum site without receiving error message, I attempted to email you from the reply post in my email but im unsure if you received it. I was getting a message that said "site has certificate errors that could mean hackers are trying to steal information" Im not sure what the issue was but when I attempted to log in this afternoon it appeared to have corrected itself. I will be completing requested tasks this evening and will post back. Thank you for your continued support.

[computerconfusion]

Hi Gringo, I was able to complete the log and i will paste it to this reply. I would greatly appreciate you helping me to understand if I have an unusual amount of unnecessary programs, or what I should get rid of. Thanks again!

 

 Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 14 ActiveX

Adobe Reader X (10.1.10)

Apple Application Support

Apple Software Update

Camera Assistant Software for Gateway

Catalina Savings Printer

Compatibility Pack for the 2007 Office system

CyberLink Power2Go

D3DX10

Dell Toolbar

FrostWire 5.3.2

Gateway Recovery Management

GearDrvs

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet 3050 J610 series Help

HP Photo Creations

HP Update

Java 7 Update 60

Java Auto Updater

Malwarebytes Anti-Malware version 2.0.2.1012

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access 2007

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

QuickTime

Revo Uninstaller 1.95

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition 

Segoe UI

Smart Defrag 2

Spelling Dictionaries Support For Adobe Reader 9

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Wiley CulinarE-Companion

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

[computerconfusion]

Also I've attempted to remove frostwire and all of its "extras" for almost two years now, I do not- nor have I in the past used these, a friend downloaded it and I have been trying to remove it since- until seeing this log I was unaware any parts still existed. 

[gringo_pr]

Hello computerconfusion

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

• Programs to remove

  • FrostWire 5.3.2

    Java 7 Update 60

Please download and install Revo Uninstaller Free

• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.

Install Java:

Please go here to install Java

• click on the Free Java Download Button
• click on Agree and start Free download
• click on Run
• click on run again
• click on install
• when install is complete click on close

Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.

  Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a threat scan

1.On the Dashboard, click the 'Update Now >>' link

2.After the update completes, click the 'Scan Now >>' button.

Or, on the Dashboard, click the Scan Now >> button.

3.If an update is available, click the Update Now button.

4.A Threat Scan will begin.

5.When the scan is complete, if there have been detections, click "Quarantine all" to allow MBAM to clean what was detected.

6.In most cases, a restart will be required.

7.Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1.After the restart once you are back at your desktop, open MBAM once more.

2.Click on the History tab at the top

3. Click on the Application Logs at the left

4.Double click on the scan log which shows the Date and time of the scan just performed.

5.Click 'Export'.

6.Click 'Text file (*.txt)'

7.In the Save File dialog box which appears, click on Desktop.

8.In the File name: box type a name for your scan log.

9.A message box named 'File Saved' should appear stating "Your file has been successfully exported".

10.Click Ok

11. Attach that saved log to your next reply.

Download HijackThis

• Go Here to download HijackThis program
• Save HijackThis to your desktop.
• Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
• Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
• copy and paste hijackthis report into the topic

"information and logs"

• In your next post I need the following
  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

[gringo_pr]

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo