
Malwarebytes crashes



Windows 7, 64 bit, home premium

1. Windows Update won't retrieve or download.

2. system restore from a backup fails

3. downloaded Malwarebytes and ran it 3X ... here's what happens:

It gets all the way to Heuristics and finds some 900 of the following:

PUP.Optional.ConduitTB

PUP.Optional.PriceGong

PUP.Optional.ValueApps

... then I get a Windows popup that states: Malwarebytes has stopped running, and in Task Manager it shows it as not responding. Any ideas what I should do?

Thanks in advance,

~Bill

 

 


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.


 

Let me see those logs....

Thank you,

Kevin


Thank you Kevin - here goes ... 

 

FRST.txt:

------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by AJ (administrator) on AJ-PC (06-02-2016 12:15:44)
Running from C:\Users\AJ\Downloads
Loaded Profiles: AJ (Available Profiles: AJ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Check Point Software Technologies LTD) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\97337A1E-E09D-4F41-A7C2-8F8EDBE5857B\DismHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [309760 2009-03-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2115664 2009-03-26] (Dell Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-01] (Sun Microsystems, Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [iSW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1123320 2010-09-02] (Check Point Software Technologies)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [uVS11 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe [341488 2007-04-12] (InterVideo Digital Technology Corporation)
HKLM-x32\...\Run: [ZoneAlarm Client] => C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [1043968 2010-09-02] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-07-16] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\...\Run: [EPSON WorkForce 600(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEKA.EXE [221696 2008-03-04] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2010-07-02] (j2 Global Communications, Inc.)
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2011-04-04]
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-11-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-06-14]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2011-01-26]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-03-23]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-10-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BEC8F987-F074-4F06-9269-C169A6147DE9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://dell.msn.com/
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com
HKU\S-1-5-21-4229636126-1243680032-3862171919-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com
URLSearchHook: HKLM-x32 - ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 - ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
SearchScopes: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DLCDF7&q={searchTerms}&src={referrer:source?}&PC=MDDC
SearchScopes: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DLCDF7&q={searchTerms}&src={referrer:source?}&PC=MDDC
SearchScopes: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02] (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-01] (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15] (Yahoo! Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02] (Check Point Software Technologies)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: ZoneAlarm Security Toolbar -> {91da5e8a-3318-4f8c-b67e-5964de3ab546} -> C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll [2010-06-13] (Conduit Ltd.)
BHO-x32: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-02] (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2010-10-15] (Yahoo! Inc)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02] (Check Point Software Technologies)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13] (Microsoft Corp.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll [2010-06-13] (Conduit Ltd.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02] (Check Point Software Technologies)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-09-02] (Check Point Software Technologies)
Toolbar: HKU\S-1-5-21-4229636126-1243680032-3862171919-1000 -> No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 
FireFox:
========
FF ProfilePath: C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
FF SelectedSearchEngine: Amazon.com
FF Homepage: hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://www.bing.com/search?FORM=IEFM1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [2010-09-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2010-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229636126-1243680032-3862171919-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\AJ\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
FF user.js: detected! => C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default\user.js [2011-04-07]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default\Extensions\LogMeInClient@logmein.com [2011-04-05] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-03-10] [not signed]
FF Extension: Yahoo! Toolbar - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-02-04] [not signed]
FF Extension: CCC001  - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default\Extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} [2016-02-04] [not signed]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\6efnprz3.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-09-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010-09-23] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [823288 2010-09-02] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2435592 2010-09-02] (Check Point Software Technologies LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33528 2010-09-02] (Check Point Software Technologies)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-06-24] (CyberLink Corp.)
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 12:17 - 2016-02-06 12:17 - 00001155 _____ C:\Users\AJ\Downloads\Downloads - Shortcut.lnk
2016-02-06 12:15 - 2016-02-06 12:16 - 00027362 _____ C:\Users\AJ\Downloads\FRST.txt
2016-02-06 12:15 - 2016-02-06 12:15 - 00000000 ____D C:\FRST
2016-02-06 12:13 - 2016-02-06 12:13 - 02370560 _____ (Farbar) C:\Users\AJ\Downloads\FRST64.exe
2016-02-04 22:39 - 2016-02-04 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-04 22:24 - 2016-02-04 22:24 - 00086290 _____ C:\Users\AJ\Desktop\pblm.odm
2016-02-04 18:12 - 2016-02-06 11:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-04 18:12 - 2016-02-04 18:12 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-04 18:12 - 2016-02-04 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-04 18:12 - 2016-02-04 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-04 18:12 - 2016-02-04 18:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-04 18:12 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-04 18:12 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-04 18:12 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-04 18:10 - 2016-02-04 18:11 - 22908888 _____ (Malwarebytes ) C:\Users\AJ\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-04 17:23 - 2015-12-25 16:31 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw76C4.tmp
2016-02-04 17:23 - 2015-12-25 16:31 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\asw896F.tmp
2016-02-04 17:23 - 2015-08-10 01:42 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8A2B.tmp
2016-02-04 17:23 - 2015-08-10 01:42 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9083.tmp
2016-02-04 17:23 - 2015-08-10 01:42 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw787A.tmp
2016-02-04 17:23 - 2015-08-10 01:42 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw85D4.tmp
2016-02-04 17:23 - 2015-08-10 01:42 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\asw86CF.tmp
2016-02-04 17:23 - 2015-08-10 01:42 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7CA0.tmp
2016-02-04 16:48 - 2016-02-04 16:48 - 00277656 _____ C:\Windows\Minidump\020416-33587-01.dmp
2016-02-04 16:43 - 2016-02-04 16:43 - 00319488 _____ C:\Users\AJ\Downloads\Unconfirmed 868912.crdownload
2016-01-18 16:39 - 2016-01-18 16:39 - 00000004 _____ C:\x.bat
2016-01-18 16:11 - 2016-01-18 16:11 - 00277656 _____ C:\Windows\Minidump\011816-26067-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 12:20 - 2015-10-11 02:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-06 12:20 - 2009-11-18 11:01 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68814078-3F45-451F-81A9-0E25EE889237}
2016-02-06 12:18 - 2010-05-17 10:20 - 00000000 ____D C:\Windows\Internet Logs
2016-02-06 12:10 - 2011-04-04 14:42 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-02-06 12:07 - 2011-04-04 14:42 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-02-06 12:07 - 2011-04-04 14:42 - 00003436 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-02-06 12:03 - 2009-11-18 10:22 - 00011424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-06 12:03 - 2009-11-18 10:22 - 00011424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-06 12:00 - 2009-07-14 00:13 - 00006222 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-06 11:57 - 2010-06-29 17:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-06 11:55 - 2011-04-04 14:50 - 00000000 ____D C:\Users\AJ\Documents\eFax Messenger 4.4
2016-02-06 11:53 - 2011-04-04 14:42 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-02-06 11:53 - 2010-06-29 17:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-06 11:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-06 11:52 - 2013-09-14 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-04 21:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-02-04 18:01 - 2013-09-14 12:26 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 17:46 - 2015-09-06 19:13 - 00000000 ____D C:\Users\AJ\Desktop\misc desktop stuff
2016-02-04 17:46 - 2015-07-22 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-04 17:46 - 2015-05-16 15:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-04 17:46 - 2015-01-31 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
2016-02-04 17:46 - 2014-12-23 16:17 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-04 17:46 - 2014-05-22 17:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-04 17:46 - 2013-12-26 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-04 17:46 - 2013-12-26 16:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-04 17:46 - 2013-12-26 16:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-04 17:46 - 2011-04-07 10:43 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-02-04 17:46 - 2011-01-13 15:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-04 17:46 - 2010-09-06 17:22 - 00000000 ____D C:\Windows\Minidump
2016-02-04 17:46 - 2010-02-27 16:55 - 00000000 ____D C:\ProgramData\Ulead Systems
2016-02-04 17:46 - 2010-01-02 15:24 - 00000000 ____D C:\Users\AJ\AppData\Local\Apple
2016-02-04 17:46 - 2009-11-19 15:59 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Arcsoft
2016-02-04 17:46 - 2009-11-18 10:23 - 00000000 ____D C:\Users\AJ
2016-02-04 17:46 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-04 17:46 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-04 17:45 - 2015-12-25 16:30 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-04 17:45 - 2015-05-16 15:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-04 17:45 - 2013-12-26 15:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-04 17:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-04 17:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-04 17:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-02-04 16:52 - 2010-06-29 17:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-04 16:52 - 2010-06-29 17:46 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-04 16:52 - 2009-10-13 11:12 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-02-04 16:49 - 2011-04-04 14:42 - 00004254 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-02-04 16:47 - 2015-08-10 13:41 - 549473275 _____ C:\Windows\MEMORY.DMP
2016-01-24 02:11 - 2009-11-25 18:41 - 00000203 _____ C:\Users\AJ\BjAuditCalc-props
2016-01-24 01:07 - 2014-03-30 14:30 - 00000000 ____D C:\Users\AJ\AppData\LocalLow\PriceGong
2016-01-18 16:22 - 2009-12-02 19:31 - 00001415 _____ C:\Users\AJ\Desktop\cmd.exe - Shortcut.lnk
2016-01-18 15:18 - 2009-11-23 10:07 - 00000000 ____D C:\Users\AJ\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2009-12-07 10:34 - 2010-04-14 09:38 - 0000670 _____ () C:\Users\AJ\AppData\Roaming\DataSafeDotNet.exe
2009-10-21 18:54 - 2009-10-26 08:56 - 0002164 _____ () C:\Users\AJ\AppData\Roaming\install.dat
2009-10-29 11:16 - 2010-06-19 16:36 - 0001528 _____ () C:\Users\AJ\AppData\Roaming\wklnhst.dat
2010-06-01 17:48 - 2015-08-10 14:24 - 0007608 _____ () C:\Users\AJ\AppData\Local\Resmon.ResmonCfg
2009-11-18 11:03 - 2009-11-18 11:41 - 0002221 _____ () C:\Users\AJ\AppData\Local\Win7_tmp1.htm
2010-08-27 10:48 - 2010-08-27 10:48 - 0000003 ___RH () C:\ProgramData\LoJackNotifier.txt
 
Some files in TEMP:
====================
C:\Users\AJ\AppData\Local\Temp\_is1238.exe
C:\Users\AJ\AppData\Local\Temp\_is1BAD.exe
C:\Users\AJ\AppData\Local\Temp\_is8806.exe
C:\Users\AJ\AppData\Local\Temp\_isC512.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-04 21:01
 
==================== End of FRST.txt ============================

Addition.txt

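Added example, not part of any post in this thread and not FRST's own code: a small triage pass over the file-listing lines of the FRST.txt posted above. The field layout is inferred from those lines; the keyword list and the drive-root rule are assumptions of this example, and a flagged path is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from ntpath import dirname, splitext  # Windows path rules on any OS
from typing import Optional

# Lines copied from the FRST.txt excerpt posted in this thread.
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
2016-02-04 18:12 - 2016-02-06 11:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-18 16:39 - 2016-01-18 16:39 - 00000004 _____ C:\x.bat
2016-02-04 17:46 - 2015-05-16 15:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-24 01:07 - 2014-03-30 14:30 - 00000000 ____D C:\Users\AJ\AppData\LocalLow\PriceGong
2009-12-07 10:34 - 2010-04-14 09:38 - 0000670 _____ () C:\Users\AJ\AppData\Roaming\DataSafeDotNet.exe
"""

# Two timestamps, size, 5-character attribute field, optional "(company)", path.
# The timestamp order differs between report sections, so they stay first/second.
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<second>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$"
)

# Family names taken from the detections and folders named in this thread.
PUP_KEYWORDS = ("Conduit", "PriceGong", "ValueApps")
# Assumption of this example: these file types in a drive root deserve a look.
ROOT_EXTS = {".bat", ".cmd", ".exe", ".vbs", ".js", ".ps1"}


@dataclass
class Entry:
    first: datetime
    second: datetime
    size: int
    attrs: str
    company: Optional[str]  # None when the line has no "(...)" field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst_listing(text):
    """Return an Entry for every file-listing line; skip everything else."""
    ts = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M")
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other report sections
        company = m["company"].strip() if m["company"] is not None else None
        entries.append(Entry(ts(m["first"]), ts(m["second"]), int(m["size"]),
                             m["attrs"], company, m["path"]))
    return entries


def triage(entries, keywords=PUP_KEYWORDS):
    """Return (path, reason) pairs worth a manual look."""
    findings = []
    for e in entries:
        for kw in keywords:
            if kw.lower() in e.path.lower():
                findings.append((e.path, f"path contains '{kw}'"))
        in_root = re.fullmatch(r"[A-Za-z]:\\", dirname(e.path)) is not None
        if in_root and not e.is_dir and splitext(e.path)[1].lower() in ROOT_EXTS:
            findings.append((e.path, "script or executable in drive root"))
    return findings
```
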

Thanks for those logs, continue please:

 

Uninstall Spybot search and destroy, instructions here: http://www.bleepingcomputer.com/forums/t/501751/cant-uninstall-spybot-search-and-destroy/

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Please download MBAM-clean and save it to your desktop.

  •    Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step



Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware

  •    Install the program and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.
 
Next,
 
Download and Save McAfee Stinger to your Desktop from here:

http://downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger32.exe

Read the Terms and Conditions, the download tab is at the bottom of the page.
Close all browsers before starting. Disable your antivirus program and anti-malware, if any.
To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs read here:

http://www.bleepingcomputer.com/forums/topic114351.html

On Windows 7, 8, 10 & Vista systems, Right Click on Stinger and select Run as Administrator.
On XP, double-click to start it.
Click on “I Accept” tab at McAfee end user licence agreement.


In the new Window select “Advanced” then “Settings”


The settings window will open, make sure the settings are exactly as shown in the following image, then select “Save” <<------Very Important


In the new window Click the “Customize my Scan” under the “Scan” button.


In the new Window select C:\ drive and any other listed Hard Drive, then select “Scan”


When the scan completes select the “View log” to do that, select “Notepad” if offered in list of choices.

If the log opens in your browser, copy and save to  a file....

I will need a copy of that log.
 
Next,
 
Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Let me see those logs in your reply..

 

Thank you,

 

Kevin

 

 

Fixlist.txt


kevinf80,

 

Thank you very much for all your help. It is taking me longer to get back to you because I don't have my laptop with me at my job, so I need to do these things in the evening. Also, a couple things happened, and before I proceed I think it might weigh in on what I do next - otherwise I will proceed with the advice you've given:

 

1. I updated both Chrome and Firefox to the latest versions;

2. I had Avast anti virus free version on the laptop, but removed it.

 

After my post back with the log files the other day, I kept working on my laptop. As I was using Chrome, a Chrome popup appeared that said the possible malicious software was running, it mentioned PUP specifically, and it asked me if Chrome should remove it. I specified 'yes', and it came back after about 1 minute and 'said' that it was removed. Immediately after that I got a Windows popup message that stated that there were Windows updates that are ready to be installed. I looked at the detailed list of 67 (I have not been able to get Windows updates for months) updates. I looked at them and they were a combination of Windows 7 updates, Windows 7 security updates, various driver updates and MS works updates, etc. I hit the install button and, after about a half hour or more it completed and stated that 61 successfully were installed and 6 failed. 1 that failed was for MS Works, stating that I needed to insert the CD for it to work. Then it asked me to reboot. I did and when it came back after a few minutes it stated that there were 6 more updates to be installed. I hit the install button and after just a few minutes it came back and stated that 5 installed successfully but one failed. It asked me to reboot again and I did. The laptop is running faster now.

 

But I'm concerned why some of the updates failed. I am also concerned because I tried to back up my system to a USB attached hard drive and it stated that the backup had problems.

 

So, should I go ahead as you stated? Also, you asked me to remove Spybot. But you didn't state if I should re-install it later. Thanks!

 

~Bill


I was following your steps. I ran FRST again with the txt file you att. I att the log. I deleted Malwarebytes, rebooted, deleted again, rebooted. I installed the newest (was the same version I had used - but I used the one I just downloaded from your link anyway) - set all the settings as you had them and ran it. I crashed again with the same message - att


Hi Kevin,

 

No I stopped. I was getting very tired, but even more importantly I did not want to do something out of turn ... I'm trying to be very vigilant in following your instructions to the 'T'. I will try stinger then as soon as I can. Thanks! Did the last log file that I posted tell you anything that you can pass on?

 

~Bill


Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan" completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Files tab and locate the following detections:

[PUP][Folder] C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> Found
[PUP][Folder] C:\Program Files (x86)\Conduit -> Found

Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Hit the Delete button, when complete select "Report" in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference.

 

Next,

 

Boot your system to safe mode, instructions here if needed: http://www.computerhope.com/issues/chsafe.htm

 

Run Malwarebytes with the system in safemode, does it run? if so post that log..

 

Post those logs...

 

Thank you,

 

Kevin...


Hi Kevin,

 

It was late and I was tired, so when RogueKiller finished the scan it asked if I wanted to delete the PUP entries. At first I clicked 'NO', but then it came back with a popup and kind of urged me to delete them, so I did. Hope that's not a problem.

 

Also, I should have thought to try malwarebytes in safe mode - so I will. Thanks!

 

~Bill


Hi Kevin,

 

Okay, so! I ran RogueKiller again as you asked and I've attached the log - only one of the two were there to delete and I deleted it.

 

I next rebooted - in between Windows update ran and 9 new ones were added - into safe mode and ran Malwarebytes. IT RAN! I've included the log - there were almost 900 PUP entries, and I deleted them all. Let me know what you think when you have the time. Thanks for all your efforts!

 

~Bill


Hello Bill..

 

Boot your system to normal mode, run Malwarebytes again with the same settings, post log when complete....

 

Next,

 

Run RogueKiller one more time, we do scan only NO fixes please....

 

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!


 

Let me see those logs in your reply, also give an update of any remaining issues or concerns....

 

Thank you,

 

Kevin..


Uninstall ZoneAlarm Firewall, uninstall tool available here: http://www.bleepingcomputer.com/download/norton-removal-tool/

 

When ZA removal is complete turn Windows Firewall  http://www.sevenforums.com/tutorials/522-windows-firewall-turn-off.html

 

Next,

 

Set Exclusions for Malwarebytes' Anti-Malware in Avast! Antivirus, go to this link: https://forums.malwarebytes.org/index.php?/topic/10138-common-questions-issues-and-their-solutions/ Scroll to section K and follow those instructions....

 

Re-boot when complete, try Malwarebytes again with your system in Normal mode....

 

Thank you,

 

Kevin


Thanks Kevin,

 

But this last post confuses me some ... I had turned off Windows firewall and Zone alarm firewall each time I ran these as instructed. And the link to uninstall zonealarm only tells how to uninstall Norton software. I had already uninstalled Avast days ago. Am I missing something? ... dumb question, as obviously I am :( ... thanks,

 

~Bill


This topic is now closed to further replies.