MBAM NOT RESPONDING



I am having issues with MBAM "not responding" after the heuristic analysis. I have already done a clean uninstall and have reinstalled the program with the same result. I have what appears to be over 50,000+ P.U.P.'s but am unable to quarantine or delete anything as MBAM keeps freezing on me. I had to use MBAM Chameleon before doing a clean uninstall, and am currently unable to use some much needed programs. I have attached the logs below... any help on the matter would be much appreciated... thank you

attach.txt

dds.txt

CheckResults.txt

FRST.txt

Addition.txt


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.





Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Step 1

Uninstall some programs

We need to uninstall some unwanted/unneeded programs.
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.


The list of programs to uninstall:

  • Strongvault Online Backup
  • Yontoo Layers


After completing uninstalls, please manually reboot your machine!

Note: If you get a message like: An error occurred while trying to uninstall, just press Yes.

Step 2

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.



Please attach it to your reply.

 

fixlist.txt
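Step 2 ends with FRST writing Fixlog.txt. As an added example (not part of the original post and not FRST's own code), this Python script sorts the result lines of such a log into removed, restored, already absent, and needs-review, so entries that were actually changed stand out from the "not found" ones. The sample embeds lines from the Fixlog posted in the next reply plus one constructed line; the function names and the outcome buckets are assumptions of this example.

```python
import re
from collections import Counter

# Outcome phrases taken from the Fixlog lines on this page; anything else
# falls into "review" so an unexpected result is never silently counted.
OUTCOMES = (
    ("removed", re.compile(r"\bdeleted successfully\.?$", re.I)),
    ("restored", re.compile(r"\brestored successfully\.?$", re.I)),
    ("closed", re.compile(r"\bclosed successfully\.?$", re.I)),
    ("absent", re.compile(r"\bnot found\.?$", re.I)),
)
FENCE = re.compile(r"^\*{5,}$")   # the two asterisk lines around the fixlist
RUN_NO = re.compile(r"\bRun:(\d+)")


def split_fixlog(text):
    """Return (run_number, fixlist_lines, result_lines)."""
    run_no, fences, fixlist, results = None, 0, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if FENCE.match(line):
            fences += 1
        elif fences == 0:            # header: only the run counter is kept
            m = RUN_NO.search(line)
            if m:
                run_no = int(m.group(1))
        elif fences == 1:            # echoed content of fixlist.txt
            fixlist.append(line)
        else:                        # one result line per processed entry
            results.append(line)
    return run_no, fixlist, results


def kind_of(target):
    if re.match(r"HK(LM|U|CR|CU)\b", target):
        return "registry"
    if re.match(r"[A-Za-z]:\\", target):
        return "file"
    return "other"


def classify(line):
    """Map one result line to (kind, target, outcome)."""
    outcome, matched = "review", None
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            outcome, matched = name, pattern
            break
    if " => " in line:
        target = line.split(" => ", 1)[0]
    elif matched:                    # e.g. "<path> not found."
        target = matched.sub("", line)
    else:
        target = line
    target = target.strip().strip('"')
    return kind_of(target), target, outcome


def triage(text):
    run_no, fixlist, results = split_fixlog(text)
    rows = [classify(r) for r in results]
    return {
        "run": run_no,
        "requested": len(fixlist),
        "counts": Counter(o for _, _, o in rows),
        "changed": [(k, t) for k, t, o in rows if o in ("removed", "restored")],
        "review": [t for _, t, o in rows if o == "review"],
    }


# Lines copied from the Fixlog in this thread (shortened to a few entries).
SAMPLE = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-05-2015 01
Ran by rawbert at 2015-05-13 22:08:36 Run:2
Running from C:\Users\rawbert\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [Ajwworks] => regsvr32.exe C:\Users\rawbert\AppData\Local\Ajwworks\CNHC370S.dll <===== ATTENTION
C:\ProgramData\9191964.bat
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
*****************

Processes closed successfully.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadgetFirstRun_Portal => value deleted successfully.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ajwworks => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"C:\ProgramData\9191964.bat" => File/Directory not found.
wacomvhid => Service not found.
Firefox Keyword.URL deleted successfully.
C:\Users\rawbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8rj4vlcl.bat not found.
'''
# Constructed line (not from the page) to exercise the "review" bucket.
SAMPLE += '"C:\\ProgramData\\constructed.tmp" => outcome text this parser does not know\n'

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("run", report["run"], "requested", report["requested"])
    print(dict(report["counts"]))
    for kind, target in report["changed"]:
        print("changed:", kind, target)
    for target in report["review"]:
        print("review:", target)
```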


Thank you for the help thus far... I have removed all of the unwanted "illegal" programs from my computer (please let me know if there is anything I may have missed)... I was able to locate and remove/uninstall Yontoo Layers but I was unable to locate Strong Vault Online Backup (I found it running within my Task Manager_Applications and was able to End Task but that was the extent of it)... I have attached the requested log below... I ended up having some issues with the FRST program freezing up on me but here is the requested information... I look forward to hearing from you... Thanks again

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-05-2015 01
Ran by rawbert at 2015-05-13 22:08:36 Run:2
Running from C:\Users\rawbert\Desktop
Loaded Profiles: rawbert (Available profiles: rawbert)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [PhotoGadgetFirstRun] => [X]
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [MusicGadget] => [X]
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [PhotoGadget] => [X]
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [TouchMemo] => [X]
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [PhotoGadgetFirstRun_Portal] => [X]
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Run: [Ajwworks] => regsvr32.exe C:\Users\rawbert\AppData\Local\Ajwworks\CNHC370S.dll <===== ATTENTION
C:\Users\rawbert\AppData\Local\Ajwworks\CNHC370S.dll
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\MountPoints2: {2b2d2fb5-41f5-11e1-856a-00269e694b18} - E:\setup.exe -a
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\MountPoints2: {a31a099b-77c2-11e3-acca-00269e694b18} - F:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\rawbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8rj4vlcl.bat [2014-03-17] ()
Startup: C:\Users\rawbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz9A2C.tmp [2014-03-24] ()
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273601101200p0337y155k4831528p
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86
SearchScopes: HKU\S-1-5-21-2529543049-304377750-2094877354-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119351&babsrc=SP_ss&mntrId=EE280017C4B6D686
SearchScopes: HKU\S-1-5-21-2529543049-304377750-2094877354-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119351&babsrc=SP_ss&mntrId=EE280017C4B6D686
SearchScopes: HKU\S-1-5-21-2529543049-304377750-2094877354-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-2529543049-304377750-2094877354-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: NetAssistantBHO Class -> {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} -> C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-2529543049-304377750-2094877354-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2529543049-304377750-2094877354-1001 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
FF DefaultSearchUrl: hxxp://websearch.goodforsearch.info/?pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86&l=1&q=
FF Homepage: hxxp://websearch.goodforsearch.info/?pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.goodforsearch.info/?pid=24396&r=2015/05/01&hid=12295583688541847473&lg=EN&cc=US&unqvl=86&l=1&q=
FF SearchPlugin: C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\searchplugins\delta.xml [2013-04-21]
FF SearchPlugin: C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\searchplugins\MyStart Search.xml [2012-09-14]
FF SearchPlugin: C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\searchplugins\WebSearch.xml [2015-05-01]
FF Extension: Yontoo - C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\Extensions\plugin@yontoo.com.xpi [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [X]
C:\ProgramData\28zfrriod.odd
C:\ProgramData\2jwgrbni.bxx
C:\ProgramData\2jwgrbni.fvv
C:\ProgramData\8rj4vlcl.fee
C:\ProgramData\8rj4vlcl.zvv
C:\ProgramData\9191964.bat
C:\ProgramData\9191964.pad
C:\ProgramData\9191964.reg
C:\ProgramData\dapeton.pad
C:\ProgramData\l4rjzjqlc.bxx
C:\ProgramData\l4rjzjqlc.fvv
C:\Users\rawbert\icq.exe
C:\Users\rawbert\AppData\Roaming\skype.ini
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\Users\rawbert\AppData\Local\Temp:jjEP9344g93MZdeI2panjvdFwBNx
*****************

Processes closed successfully.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadgetFirstRun => Value not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MusicGadget => Value not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadget => Value not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TouchMemo => Value not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PhotoGadgetFirstRun_Portal => value deleted successfully.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ajwworks => Value not found.
"C:\Users\rawbert\AppData\Local\Ajwworks\CNHC370S.dll" => File/Directory not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b2d2fb5-41f5-11e1-856a-00269e694b18} => Key not found.
HKCR\CLSID\{2b2d2fb5-41f5-11e1-856a-00269e694b18} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a31a099b-77c2-11e3-acca-00269e694b18} => Key not found.
HKCR\CLSID\{a31a099b-77c2-11e3-acca-00269e694b18} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
C:\Users\rawbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8rj4vlcl.bat not found.
C:\Users\rawbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz9A2C.tmp not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key not found.
HKCR\Wow6432Node\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => Value not found.
HKCR\Wow6432Node\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Value not found.
HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => Value not found.
HKCR\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Firefox homepage deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox Keyword.URL deleted successfully.
"C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\searchplugins\delta.xml" => not found.
"C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\searchplugins\MyStart Search.xml" => not found.
"C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\searchplugins\WebSearch.xml" => not found.
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\Extensions\plugin@yontoo.com.xpi not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => Value not found.
wacommousefilter => Service not found.
wacomvhid => Service not found.
TabletServiceWacom => Service not found.
"C:\ProgramData\28zfrriod.odd" => File/Directory not found.
"C:\ProgramData\2jwgrbni.bxx" => File/Directory not found.
"C:\ProgramData\2jwgrbni.fvv" => File/Directory not found.
"C:\ProgramData\8rj4vlcl.fee" => File/Directory not found.
"C:\ProgramData\8rj4vlcl.zvv" => File/Directory not found.
"C:\ProgramData\9191964.bat" => File/Directory not found.
"C:\ProgramData\9191964.pad" => File/Directory not found.
"C:\ProgramData\9191964.reg" => File/Directory not found.
"C:\ProgramData\dapeton.pad" => File/Directory not found.
"C:\ProgramData\l4rjzjqlc.bxx" => File/Directory not found.
"C:\ProgramData\l4rjzjqlc.fvv" => File/Directory not found.
"C:\Users\rawbert\icq.exe" => File/Directory not found.
"C:\Users\rawbert\AppData\Roaming\skype.ini" => File/Directory not found.
"C:\ProgramData\Temp" => ":0B4227B4" ADS not found.
"C:\Users\rawbert\AppData\Local\Temp" => ":jjEP9344g93MZdeI2panjvdFwBNx" ADS not found.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.
 

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newest MBAM version.

 


Here you go

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by rawbert on Thu 05/14/2015 at 19:28:00.26.

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\rawbert\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

Failed to create System Restore Point

==== Empty Folders Check ======================

C:\PROGRA~2\Brother deleted successfully
C:\PROGRA~2\eMusic Download Manager deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Yahoo! deleted successfully
C:\PROGRA~2\COMMON~1\Apple deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\Yahoo! deleted successfully
C:\Users\rawbert\AppData\Roaming\eMusic deleted successfully
C:\Users\rawbert\AppData\Roaming\HpUpdate deleted successfully
C:\Users\rawbert\AppData\Roaming\Opera deleted successfully
C:\Users\rawbert\AppData\Roaming\TP deleted successfully
C:\Users\rawbert\AppData\Local\Conduit deleted successfully
C:\Users\rawbert\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\rawbert\AppData\Local\PACE Anti-Piracy deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-2529543049-304377750-2094877354-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default

---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "ee28544c0000000000000017c4b6d686");
user_pref("extensions.delta.instlDay", "15817");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1621:46:29");
user_pref("extensions.delta.vrsni", "1.8.16.16");
---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "ee28544c0000000000000017c4b6d686");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15817");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsni", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1621:46:29");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- FireFox user.js and prefs.js backups ----

user_20150514_0803_.backup
prefs_20150514_0803_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Brother not found
C:\PROGRA~2\eMusic Download Manager not found
C:\PROGRA~2\Yahoo! not found
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\extensions\plugin@yontoo.com.xpi not found
C:\Users\rawbert\AppData\Roaming\7_ZipPackages deleted
C:\PROGRA~3\{3b2acebe-8397-44f4-3b2a-acebe8393afa} deleted
C:\Users\rawbert\AppData\LocalLow\Conduit deleted
C:\Users\rawbert\.android deleted
C:\PROGRA~2\Microsoft Touch Pack for Windows 7 deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\PROGRA~2\COMMON~1\Software Update Utility deleted
C:\PROGRA~2\Free Offers from Freeze.com deleted
C:\PROGRA~2\Freeze.com deleted
C:\PROGRA~2\W3i deleted
C:\PROGRA~2\Conduit deleted
C:\Users\rawbert\AppData\Roaming\Yahoo! deleted
C:\Users\rawbert\AppData\Roaming\Strongvault deleted
C:\Users\rawbert\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\W3i deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\rawbert\AppData\Local\CRE deleted
C:\Users\rawbert\AppData\LocalLow\Yahoo! deleted
C:\Users\rawbert\AppData\LocalLow\Yahoo! Companion deleted
C:\Users\rawbert\AppData\LocalLow\Delta deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\wininit.ini deleted
C:\end deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\rawbert\Documents\Updater deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\valueApps deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\Invalidprefs.js deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\bProtector_extensions.rdf deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\CT3061355 deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\FCTB deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\extensions\{f897eb0e-a3a4-46c3-80eb-2729699d8892} deleted
C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default\smartbar deleted
"C:\Windows\Installer\1347ba5.msi" deleted
"C:\PROGRA~2\Bonjour\mdnsNSP.dll" deleted
"C:\Users\rawbert\AppData\Local\Strongvault Online Backup\Common.dll" deleted
"C:\Users\rawbert\AppData\Local\Strongvault Online Backup\SMessaging.exe" deleted
"C:\Users\rawbert\AppData\Local\Strongvault Online Backup\SOS.Contracts.Infiniscale.dll" deleted
"C:\Users\rawbert\AppData\Local\Strongvault Online Backup\SOSLibrary.dll" deleted
"C:\PROGRA~3\Strongvault Online Backup\Logs\Messaging_2015-05-14-06-54-03-073.log" not deleted
"C:\PROGRA~2\Bonjour" not deleted
"C:\PROGRA~3\Strongvault Online Backup" not deleted
"C:\Users\rawbert\AppData\Local\Strongvault Online Backup" not deleted
"C:\PROGRA~3\Strongvault Online Backup\Logs" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [05/04/2015 09:44 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}"="C:\Users\rawbert\AppData\Roaming\NetAssistant" [05/02/2011 06:02 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default
- Freeze.com NetAssistant - C:\Users\rawbert\AppData\Roaming\NetAssistant
- Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
- ShopToWin2 - %ProfilePath%\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\rawbert\AppData\Roaming\Mozilla\Firefox\Profiles\dws2aqi2.default
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\rawbert\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\rawbert\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
98137411B9C632095F919E2CE70B288A - C:\Users\rawbert\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\rawbert\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
1C27D3E29218B6EADDB87A6B335637E3 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.320.5
09B4E13D25623D879D35286E2D29FF13 - C:\Users\rawbert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
178F30EB6105041AE4FA3943DBF40C75 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.152

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx[08/14/2014 08:37 PM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[03/12/2015 08:15 PM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[08/14/2013 11:12 AM]
phfmiknmhngmmlcppkpmbnopohlnfpbh - C:\Users\rawbert\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
phfmiknmhngmmlcppkpmbnopohlnfpbh - C:\Users\rawbert\AppData\Local\CRE\phfmiknmhngmmlcppkpmbnopohlnfpbh.crx[]

Bookmark Manager - rawbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - rawbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - rawbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
SmileBox EN - rawbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh

==== Chromium Startpages ======================

C:\Users\rawbert\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ]

==== Chromium Fix ======================

C:\Users\rawbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0F95EF9AAFB5FDF4486C4F4575173597 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9FE59F0-5BFA-4FDF-84C6-F45457715379} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sansa Updater deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0F95EF9AAFB5FDF4486C4F4575173597 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\rawbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\rawbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\rawbert\AppData\Local\Mozilla\Firefox\Profiles\dws2aqi2.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\rawbert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=66672 folders=471 397821631 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\rawbert\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\rawbert\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\Strongvault Online Backup\Logs\Messaging_2015-05-14-06-54-03-073.log"  not found
"C:\PROGRA~2\Bonjour"  not found
"C:\PROGRA~3\Strongvault Online Backup"  not found
"C:\Users\rawbert\AppData\Local\Strongvault Online Backup"  deleted
"C:\Users\rawbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\phfmiknmhngmmlcppkpmbnopohlnfpbh" not found

==== EOF on Thu 05/14/2015 at 22:40:48.60 ======================


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
