Docfxit

Honorary Members
Posts posted by Docfxit

  1. I uninstalled MBAM from a new user with Total Uninstall.

    After MBAM finished the Uninstall, Total Uninstall found and deleted the remaining items:

    Malwarebytes_Uninstall_Leftovers1.jpg

    Malwarebytes_Uninstall_Leftovers2.jpg

    I ran MBAM clean.

    I installed MBAM.  It installed and ran fine.

    I logged off that user and logged into my normal user.  It ran fine.

    That seemed to fix the problem. 

    I have run the Uninstall procedure exactly as above in my normal user before and it didn't fix the problem.

    Thank you very much for discovering the solution.

    Docfxit

  2. I found the following files related to Chrome.  I have removed them.

    C:\Programs\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx

    C:\Programs\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\com.foxit.chromeaddin-win.json

    C:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\manifest.json

    C:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx

    C:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

    C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\wcchromeextn.crx

    C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\wcchromenativemessaginghost

    Docfxit

  3. I found in the registry the following entries.  I have removed them.

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\CNS\]
    "IgnoreGoogleChrome"="False"

    [HKEY_CURRENT_USER\Software\Google\Chrome\]

    [HKEY_CURRENT_USER\Software\Google\Chrome\\Extensions]

    [HKEY_CURRENT_USER\Software\Google\Chrome\\NativeMessagingHosts]

    [HKEY_CURRENT_USER\Software\Google\Chrome\\NativeMessagingHosts\com.webex.meeting]
    @="C:\\Users\\Gary\\AppData\\Local\\WebEx\\ChromeNativeHost\\manifest.json"

    [HKEY_CURRENT_USER\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):C0,DE,59,BC,67,D7,D2,01

    [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\]
    "ap"="-dev-multi-chrome"

    [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\]
    "ap"="2.0-dev-multi-chrome"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString\]
    "Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Shockwave 12\3rdptycode\DeclineCount\Chrome\]
    "count"="12"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl]
    "update_url"="https://clients2.google.com/service/update2/crx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci]
    "version"="8.1.0.1"
    "path"="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\ChromeAddin.crx"
    "update_url"="https://clients2.google.com/service/update2/crx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
    "path"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\WCChromeExtn.crx"
    "update_url"="https://clients2.google.com/service/update2/crx"
    "version"="11.0.6.70"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\gannpgaobkkhmpomoijebaigcapoeebl]
    "update_url"="https://clients2.google.com/service/update2/crx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapture]
    @="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\manifest.json"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts\com.bitdefender.wallet.v19]
    @="C:\\Programs\\Bitdefender\\Bitdefender 2017\\bdwtxcr.json"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts\com.foxit.chromeaddin]
    @="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\com.foxit.chromeaddin-win.json"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until\]
    "Irfan Skiljan"=dword:013377BB
    "Hewlett-Packard Development Company, LP"=dword:0133C839
    "Piriform Ltd"=dword:0133C968
    "SUPERAntiSpyware"=dword:0133EC8C

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EA1613833271DD4F9B087368A178752\]
    "68AB67CA3301FFFF7706000000000060"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\WCChromeExtn.crx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EA1613833271DD4F9B087368A178752\68AB67CA3301FFFF7706000000000060\]
    "File"="wcchromeextn.crx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FC30C985A00E31439F18CED70F7C4D2\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\CadetBlue\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FC30C985A00E31439F18CED70F7C4D2\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\CadetBlue\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3067F926ED9912F4391E40C69F477209\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Lime\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3067F926ED9912F4391E40C69F477209\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Lime\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33B533CFD632FF7428FB3891655FA451\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Yellow\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33B533CFD632FF7428FB3891655FA451\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Yellow\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\343D50647180F14459BFC76A6122977B\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Orange\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\343D50647180F14459BFC76A6122977B\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Orange\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37DD4111200875F4B8756F5ABD40035E\]
    "AB9798B344027E11BAF100C092297F90"="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\com.foxit.chromeaddin-win.json"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CCE4EA4F9F732646AD2A1AA3B087648\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Coral\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CCE4EA4F9F732646AD2A1AA3B087648\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Coral\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52A21DC39D4797E4E972C8D885C9B231\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\LtGreen\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52A21DC39D4797E4E972C8D885C9B231\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\LtGreen\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\578936055B216AE4DAFA7DC3EA79B34D\]
    "AB9798B344027E11BAF100C092297F90"="02:\\SOFTWARE\\Google\\Chrome\\Extensions\\cifnddnffldieaamihfkhkdgnbhfmaci\\version"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AFCC90E834E09C45A8DFAB7E2FF5193\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Turquoise\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AFCC90E834E09C45A8DFAB7E2FF5193\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Turquoise\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61251F5CF4248F4489B1B7E0C5220BC4\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Green\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61251F5CF4248F4489B1B7E0C5220BC4\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Green\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\645A167E628A75642BA766D2E84567A8\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Violet\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\645A167E628A75642BA766D2E84567A8\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Violet\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A39D73AC12816D47B7EBD74A5067E96\]
    "68AB67CA3301FFFF7706000000000060"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCFirefoxExtn\\chrome\\WCFirefoxExtn.jar"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F4B94CEDBF699E5C90BC62EAD98988B\]
    "3E6B44056D19765469E3842D283A1A78"="C:\\Program Files\\HP\\HP Officejet Pro 8620\\Bin\\HPGoogleChromeLauncher.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8934E9945CB43D94C9EC887EC3C55EA9\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Blue\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8934E9945CB43D94C9EC887EC3C55EA9\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Blue\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C7377BE780A4884B870276E2535E0D2\]
    "AB9798B344027E11BAF100C092297F90"="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\ChromeAddin.crx"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADF62504436AD264FA2F306EA479E133\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Fuschia\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADF62504436AD264FA2F306EA479E133\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Fuschia\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA5E0F0678B149145A46218F4B8D793F\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\DarkGray\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA5E0F0678B149145A46218F4B8D793F\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\DarkGray\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC014E78EBBAA174094E0E7324C9590D\]
    "68AB67CA3301FFFF7706000000000060"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\WCChromeNativeMessagingHost.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC014E78EBBAA174094E0E7324C9590D\68AB67CA3301FFFF7706000000000060\]
    "File"="wcchromenativemessaginghost."

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D640AB7A350A0A2458874CE283D9E054\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Purple\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D640AB7A350A0A2458874CE283D9E054\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Purple\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED6E53275F6B9934F87DF1325224B8AD\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\BlueSteel\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED6E53275F6B9934F87DF1325224B8AD\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\BlueSteel\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC4E4D879034D34A9E3F22C9A93B8EF\]
    "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Red\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC4E4D879034D34A9E3F22C9A93B8EF\]
    "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Red\\frameBottom.png"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\OSD\TouchPad\AppProfiles\Google Chrome\]
    "AppExe"="chrome.exe"
    "AppFriendlyName"="Google Chrome"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\PlugInConfig\TouchPad\AppProfiles\Google Chrome\]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\WindowsDatabase\Chrome_RenderWidgetHostHWND\]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\WindowsDatabase\Chrome_RenderWidgetHostHWND\\Win8]
    "iFlags"=dword:20081002

    [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults\AppProfiles\Google Chrome\]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults\AppProfiles\Google Chrome\\3FingerGestures]
    "ActionID1"=dword:0000001C
    "ActionID3"=dword:0000001C
    "ActionID5"=dword:0000001C
    "ActionID7"=dword:0000001C

    [HKEY_USERS\.DEFAULT\Software\Google\Chrome\]

    [HKEY_USERS\.DEFAULT\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):A6,DB,8B,BC,67,D7,D2,01

    [HKEY_USERS\S-1-5-19\Software\Google\Chrome\]

    [HKEY_USERS\S-1-5-19\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):20,40,5C,BC,67,D7,D2,01

    [HKEY_USERS\S-1-5-20\Software\Google\Chrome\]

    [HKEY_USERS\S-1-5-20\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):20,40,5C,BC,67,D7,D2,01

    [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1003\Software\Google\Chrome\]

    [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1003\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):85,B7,84,BC,67,D7,D2,01

    [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1004\Software\Google\Chrome\]

    [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1004\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):E3,0D,74,BC,67,D7,D2,01

    [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-500\Software\Google\Chrome\]

    [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-500\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):A2,C5,65,BC,67,D7,D2,01

    [HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Google\Chrome\]

    [HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Google\Chrome\\TriggeredReset]
    "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017  "
    "Timestamp"=hex(B):20,40,5C,BC,67,D7,D2,01

     

  4. A few days ago I tried uninstalling Google Chrome when you asked if I had installed the developers edition.  I have looked to find it.  I don't see it in Programs and Features to uninstall.  I have done a search for chrome.*, Google.*.  I have run the chrome_cleanup_tool.exe and found nothing.  Please let me know where it is so I can remove it.

    I don't see a Fixlog.txt any place on my PC.

    I have run FRST with the scan option.  Attached are the logs.

    Thank you,

    Docfxit

    FRST.txt

    Addition.txt

  5. I do have a lot of programs installed.  I do support a lot of people.

    I did not rename FRST.exe

    I did configure socks=127.0.0.1 port 1080.  I'm not using it right now.  I use it when I go to a public hotspot to SSH into my work desktop.  The work desktop re-routes me out to the internet securely.

    I did not opt for Google Chrome Developer build.  I don't like Chrome and I don't want it on this PC.  Where did you find it?

    I have Uninstalled:

    Absolute Uninstaller 5.3.1.21
    Glary Undelete 5.0.1.19
    Glary Utilities 5.78

    I have followed your instructions for Step #2  Log attached.

    I have followed your instructions for Step #3  Log attached.

    I have followed your instructions for Step #4  Log attached.

    Thank you very much for helping me clean this computer.

    Docfxit

    FRST.txt

    AdwCleaner[C0].txt

    log.txt

  6. I have run MalwareBytes ver. 2.0.4.1028

    It found:

    pup.optional.resulthunters.a

    Location:

    C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\eyfni07y.default\prefs.js

     

    I would like to know what it is targeting in the prefs.js file.

     

    I don't want to delete all of my preferences in Firefox.

     

    Thank you,

     

    Docfxit

  7. This is great information.  And there are times when this information will be very helpful.

     

    The situation I run into most often is that I have Malwarebytes installed on my computer and I can usually update it so it includes all the latest updates.  What I would like to know is what files include the latest updates so I can copy them from my updated computer to the infected computer.

     

    Thanks,

     

    Docfxit

  8. I would like to have the capability of having the latest updates with me when I am faced with a computer that can't connect to the internet.  I always have a laptop with me to the current updates.

     

    With the old version of Malwarebytes this used to work:

     

    Note: Starting with Malwarebytes Anti-Malware 1.60, you must also copy the file database.conf located within the Configuration folder which is in the same folder as rules.ref listed above.

     

    Taken from:

    https://forums.malwarebytes.org/index.php?/topic/10138-common-questions-issues-and-their-solutions/#entry49525

     

    On the latest version of Malwarebytes after I install the program and copy those two files to the correct folders it says they are out of date.

     

    What else is required for the current version so I can run with the most up-to-date updates?

     

    Thank you,

     

    Docfxit

  9. Hello Docfxit,

    Are you able to load the log file when you locate it?

    Does this occur on every scan?

    Can you include the log file in your next reply please.

    Thank you!

    Yes. I'm able to load it. It does display fine when it finishes the scan.

    Yes this occurs on every scan.

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Database version: 5802

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    2/18/2011 2:53:29 PM

    mbam-log-2011-02-18 (14-53-29).txt

    Scan type: Full scan (C:\|)

    Objects scanned: 191332

    Time elapsed: 1 hour(s), 23 minute(s), 53 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    Thanks,

    Docfxit

  10. Hello there Docfxit,

    Is the log file being created inside the log folders of MBAM?

    Log File Locations


    • Quick Scan and Full Scan Logs
      • Windows 2000 & Windows XP:
        C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
      • Windows Vista & Win7:
        C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    If it is please let us know.

    Thank you!

    Yes. All logs are showing in the logs folder. Including the exact log list in the example jpg I provide.

    Docfxit

  11. I'm not sure if there is but there very well could be. Please review the FAQ: http://forums.malwarebytes.org/index.php?showtopic=10138

    It has examples of setting up file and folder exclusions for other AV products that do conflict with the program.

    Maybe I should be more clear. When I installed CA Antivirus they didn't give me any warning about a conflict.

    During the install the window said You have Malwarebytes installed on this computer. The install can not continue unless you remove Malwarebytes. Would you like the install to remove it for you?

    Docfxit

  12. Hello Docfxit,

    I've spoken with ShadowPuterDude and he agreed that it would be okay for me to post this.

    This is sort of a last ditch effort to attempt to fix your system to a point where he can start to work on the Malware removal again.

    Please start NOTEPAD and copy the contents of the CODE box below to a new file. Do a File Save-As and in the drop down box for Save as type: make sure you select All Files and save it as REGDLL.BAT

    Then double-click on it to run it. This will go through and re-register all the DLL files in your system folder for those that can be registered.

    When it's done please restart your computer and try running the ISeeYouXP.exe again and let us know if you still get the error.

    for /f "Tokens=*" %%i in ('dir /B C:\WINDOWS\SYSTEM32\*.DLL') do REGSVR32 /s C:\WINDOWS\SYSTEM32\%%i
    ECHO.
    ECHO.
    ECHO All done updating files. Please restart your computer now.
    ECHO.
    PAUSE

    If you get an error while trying to run this batch file please let me know what the error says.

    Basically it should keep running through and showing you that it's silently registering all the DLL files.

    Thank you for trying to help with this.

    I ran it and did get some errors. The errors are attached.

    After I ran it I re-booted the PC. ISeeYouXP is producing the same errors.

    Thank you,

    Docfxit

    post-2570-1215545337_thumb.jpg

    post-2570-1215545347_thumb.jpg

    post-2570-1215545370_thumb.jpg

    post-2570-1215545378_thumb.jpg

    post-2570-1215545388_thumb.jpg


  13. It appears that the Visual Basic Scripting Engine is broken on this system. You were able to successfully run ComboFix, twice, which relies on vbs for several of its functions.

    You haven't been able to run anything that calls VB since.

    I've had you register the VB runtimes, rebuild and then reinstall WMI/WBEM to no effect.

    I believe it is time for a repair install of the operating system.

    I have done an in-place install overwriting the OS that is there. I have too many programs installed that would have to be re-installed to do a repair install.

    If I would do anything along those lines I would opt to do an application migration to a fresh newly installed XP Pro. I realize all applications will not migrate correctly and some may need to be re-installed but at least this way all won't have to be re-installed.

    Do you know of a good program to migrate the applications?

    Thank you,

    Docfxit
