I didn't realize it but MBAM was still open and showing me a list of things it found, but somehow that crashed and I ended up deciding to terminate it.
I figure there's no harm if I just show you its latest log before proceeding with FRST, as long as I don't yet tell MBAM to do anything, right? Here's MBAM's latest log. Please let me know which of the two following things I should do first: A. click in MBAM on "Apply Actions" (note: right now the default for everything it found is "Ignore Once." Should I change it to "Quarantine?") or B. do nothing with MBAM and just proceed to FRST?
Thanks.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/16/2014
Scan Time: 1:54:59 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.16.04
Rootkit Database: v2014.12.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: David
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410170
Time Elapsed: 6 min, 25 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.WebGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WebGuard, , [839ab4afe597171f2d572fa432cfbe42],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [0a13352e1666fe38ba7fce0047bd0bf5],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [1607e57e2656e3539d9b2ea039cb7b85],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard, , [68b5f0734438ee48b2a12638f60d53ad],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer, , [54c9382bf488f24437287e0821e2d729],
Files: 12
PUP.Optional.WebGuard.A, C:\ProgramData\cINFpU\dat\dVzZUYtqv.exe, , [c35a224192eafd394c380fc4fe03d927],
PUP.Optional.WebGuard.A, C:\ProgramData\WebGuard\uninstall.exe, , [839ab4afe597171f2d572fa432cfbe42],
PUP.Optional.WebGuard.A, C:\Users\David\AppData\Local\WebGuard\data2.dat, , [68b5f0734438ee48b2a12638f60d53ad],
PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, , [24f933300973a78fbd6cf57bff048c74],
PUP.Optional.CalcIt.A, C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, , [0a13b9aa631903330227eb85b54e34cc],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\ContentExplorer.exe, , [d845b2b1c2bab4820955f98d857eef11],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\RootCert.cer, , [54c9382bf488f24437287e0821e2d729],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\loader.dat, , [54c9382bf488f24437287e0821e2d729],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\makecert.exe, , [54c9382bf488f24437287e0821e2d729],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\storage.bin, , [54c9382bf488f24437287e0821e2d729],
PUP.Optional.ContentExplorer.A, C:\Users\David\AppData\Roaming\ContentExplorer\uninstall.exe, , [54c9382bf488f24437287e0821e2d729],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [d845c3a0a1dbe94ddb61ce0084809868],
Physical Sectors: 0
(No malicious items detected)
(end)