robertmccartney
-
Posts
13 -
Joined
-
Last visited
-
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
Thank You Very much! I sent you a small donation, All i have right now in paypal, I know it aint much, but get yourself a beer! -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
It seems fine, I did not want to do any banking which i must do, online till i knew malwarebytes was working! thank you so verymuch! -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
ok that let me remove the threats here is the log scanlog.txt -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
ok i did all that here is the file Fixlog.txt -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
Here are the new FRST.txt and Addition.txt. Addition.txt FRST.txt -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
ok that was quick there are the new logs Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by robert on Sat 05/30/2015 at 0:12:48.17. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\robert\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-05-29-202118.log 22065 bytes ==== System Restore Info ====================== 5/30/2015 12:13:32 AM Zoek.exe System Restore Point Created Successfully. ==== Reset Google Chrome ====================== C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=115 folders=52 19995105 bytes) ==== EOF on Sat 05/30/2015 at 0:14:01.00 ====================== -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
Sorry I just got home from work, I am running the zeok scan now for more logs, as i get that done i will give you the fresh look at the files, It will take a little bit! -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by robert on Fri 05/29/2015 at 15:53:09.89. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\robert\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 5/29/2015 3:54:20 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\1&1 deleted successfully C:\PROGRA~2\Citrix deleted successfully C:\PROGRA~2\SearchProtect deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Conduit deleted successfully C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\WinZipEC deleted successfully C:\Users\robert\AppData\Roaming\Opera deleted successfully C:\Users\robert\AppData\Roaming\Systweak deleted successfully C:\Users\robert\AppData\Roaming\ViralSubmitter deleted successfully C:\Users\robert\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\robert\AppData\Local\Bundled software uninstaller deleted successfully C:\Users\robert\AppData\Local\Conduit deleted successfully C:\Users\robert\AppData\Local\NativeMessaging deleted successfully C:\Users\robert\AppData\Local\PackageAware deleted successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4192798223-4126767017-1115232547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0375C111-C2D3-A991-A053-3E5B293F0619} deleted successfully HKEY_USERS\S-1-5-21-4192798223-4126767017-1115232547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{22BE2D89-7D0C-4B56-AC96-C19574842F59} deleted successfully HKEY_USERS\S-1-5-21-4192798223-4126767017-1115232547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67} deleted successfully HKEY_USERS\S-1-5-21-4192798223-4126767017-1115232547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6D9DAD8D-9A18-4C04-AE3E-2640510EBF87} deleted successfully HKEY_USERS\S-1-5-21-4192798223-4126767017-1115232547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-4192798223-4126767017-1115232547-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0375C111-C2D3-A991-A053-3E5B293F0619} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ==== Deleting Files \ Folders ====================== C:\PROGRA~2\1&1 not found C:\PROGRA~2\Citrix not found C:\PROGRA~2\SearchProtect not found C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found C:\PROGRA~3\WtewaOixwcp deleted C:\PROGRA~2\Xtreme Link Directory Submitter deleted C:\windows\SysNative\Tasks\Xloeuixnimur deleted C:\Users\robert\AppData\LocalLow\Conduit deleted C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted C:\PROGRA~2\Idle Processor Utilization Services deleted C:\PROGRA~2\Push Button PL Article Site Builder deleted C:\PROGRA~2\jZip deleted C:\PROGRA~2\smartdl deleted C:\PROGRA~2\OApps deleted C:\PROGRA~2\Conduit deleted C:\register.js deleted C:\install.exe deleted C:\Users\robert\AppData\Roaming\SearchProtect deleted C:\Users\robert\53FA9A9F3C194D43AD6BDEF365D469BA.TMP deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Users\robert\AppData\Local\Ilivid Player deleted C:\Users\robert\AppData\Local\IAC deleted C:\Users\robert\AppData\Local\jZip deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\LaunchApp deleted C:\Users\robert\AppData\LocalLow\IAC deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\ADM deleted C:\Windows\SysWOW64\LavasoftTcpService.dll deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Users\robert\Documents\Add-in Express deleted C:\Users\robert\Documents\Updater deleted C:\Users\Public\Desktop\eBay.lnk deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\muvsixbz.default-1432833818749 user_pref("browser.startup.homepage", "about:blank"); user_pref("browser.newtab.url", "about:blank"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/28/2014 08:20 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\robert\AppData\Roaming\Ewen Chia's My Free Website Builder\Profiles\p9xf7go9.default - Undetermined - %ProfilePath%\extensions\installed-extensions.txt ProfilePath: C:\Users\robert\AppData\Roaming\kompozer.net\KompoZer\Profiles\e3yk7lvt.default - Undetermined - %ProfilePath%\extensions\installed-extensions.txt - KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\muvsixbz.default-1432833818749 252949179FE1C491B7D16A9AA376B29B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) 2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash 5940C9564DCFE096BF63EC44E3425341 - C:\ProgramData\SpawnApps\plugin\npspawnapps1.0.0.5.dll - SpawnApps Plugin E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104 ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.81 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jpgalnioijgchfablfaknkbliianenml - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/01/2015 11:17 AM] Sniply - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd AddThis - Share & Bookmark (new) - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde Cyfe - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcimlnjdmkgappmhhmefkloocbephjh Bookmark Manager - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Facebook Social Plugin - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmclgnbhdiklglmmdcaelggigiiigpm Lone Tree - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip Gmail Email Marketing & Newsletter Creator - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickiegcmbfnffcapkidefhnjapkbkfee AtContent - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcodaadpgbgebkpkfnapnoknbialifmc Meme Creator - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjoblfjnoijeaffgffgjbockejijpcke StumbleUpon - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg WordPress.com - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd Zoho CRM - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn Chrome Hotword Shared Module - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg SearchLock - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol SocialMonkee Submitter - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphmcdpcokgeknmaineflodmagodpmdd Base CRM Contact Clipper - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nicjidfpofbnkackljcnpfkkpldenmna TabCloud - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof Contact Management - SimplyCast - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgikfapnoojlaolndpkpheiokbmboom ==== Chromium Startpages ====================== C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences com","username":"robemccartn8@gmail.com"}},"homepage":"","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"7F2C593D48326381D381A2B312DFC2D8C36C3BB04987B8206AC4434F052FC910"},"default_search_provider":{"keyword":"D4328F63D2C196FE777DA392064916BE3410248BDD5C93FD6A6F87A18214FB7E","name":"3D34A8827FA875B8A0C8556045EB330BBD85A82ECA4165E63358104ED2CDAEC5","search_url":"55F380DA79B4A6F988E81813A9AAA83A0A89A7B0BC34BD9E0BA24180094454F5"},"default_search_provider_data":{"template_url_data":"3F7B6A2EB19DD65F0A26CC71634944B4CC4286092ADC93CF7E50EDD0A421679B"},"extensions":{"settings":{"aepeihpnlhiiipbchlidcipfpiaecpkd":"0524E221E962A4E90C4BD7CA678993D07DE397ECA8523BC45AF04CF5EA563340","ahfgeienlihckogmohjhadlkjgocpleb":"A9B510E66C75EBC67B8ED9E5B5CB7EAD0CB94D65ECE12CF879FAFAD131EFC1D6","alelhddbbhepgpmgidjdcjakblofbmce":"545E2FF476582A8FD36A20665860F50439EF1BA08BC2123DF767D8CD063EA776","bepbmhgboaologfdajaanbcjmnhjmhfn":"1BC826815499E369C5C4B30BEC09733039B915663315C5F5423067294F664949","blpcfgokakmgnkcojhhkbfbldkacnbeo":"19BD00F0D2CA3D1D2582E5E8459A68A3635D06CB7CE1F479EF64F50FA379E593","cgbogdmdefihhljhfeiklfiedefalcde":"18EE3DFA5EE02341B9F150317470F4739880DF9AEB269DABB33EAD3ED0A3A8E8","dlppkpafhbajpcmmoheippocdidnckmm":"ED8A47B4181B9BD46A0BC202699C1C745B37D17FD1CE291A05896BD4AAE19E20","eemcgdkfndhakfknompkggombfjjjeno":"A2E0C18F1D80D1E7040A28198C9BC20C22879D1983BF7F8AD96D97A9517A8561","ejcimlnjdmkgappmhhmefkloocbephjh":"A8BB851545F77241CB29B21AFE5F08AE607B0F915D64E69686843D9860C052FF","ennkphjdgehloodpbhlhldgbnhmacadg":"692926A13373A901E1D469D897AAECCD247DC45418AF4F634CE4DE2E0491F22B","fclgopkfdjefnodhjjjibdeliclclfje":"8E5843AE732C0BF034C0FC27FE5B375F9BE21C12C7998DEC6EB0CBB958A32699","gfdkimpbcpahaombhbimeihdjnejgicl":"D861F365665611DEFA2DB39CE830C0227763CDF076A197CE8089EC2B64B04961","giikciflnljhpomkphelpoiheghamifc":"CBDA5DE1444C01B20FEEA9DAEB14EB14D53571D2F5718D56F97946D682BBA07B","gmlllbghnfkpflemihljekbapjopfjik":"28B9D9485FD70ADD5B0789E3E1D6E5A78DF4118DA4A0375720CA4CB449F51172","hdmclgnbhdiklglmmdcaelggigiiigpm":"05DAE5709B0218A458324BE54A4F1EBB8E929175E63AA9858F045AD4B12B55A8","hfmkllfplegemejikoabfpjdaoncphip":"157E21F527BDC9CCC0D48A904CE97BEC681EEC431D15E889118254D326393D20","ickiegcmbfnffcapkidefhnjapkbkfee":"81C2624602F7B14358FB449491528F240492361C7B310C0DC84E0347F21ED9E7","jcodaadpgbgebkpkfnapnoknbialifmc":"073D17F935368B156558A0025CB964289F506D04B61599C49203474C0E73B4BF","jfhgappkgaganlhliehlbnnealfbpoie":"2848A5E5ACB61E0FA33E595921EF3F70BB805BCEFC24BFEBFB0F816A3FE678AE","jjoblfjnoijeaffgffgjbockejijpcke":"8F4B1221E0C061DBA92DE3DC75AE4DAB0936675CE6979EB831384E2BE806DE4D","jpgalnioijgchfablfaknkbliianenml":"FBFE595984D50E52ED3B3AF9CADF863652E1E98D721E8FD6C7AB1282F5B8BDBC","kcahibnffhnnjcedflmchmokndkjnhpg":"3B956B09D67E3ECC6B07FD4F9CD9BF0EDD306F71825AF8F0A124DF263461F889","khjnjifipfkgglficmipimgjpbmlbemd":"8CD2D7D7A9752DE51CFAA1A1F6B9593A2866FA99804C9546E3C0FCB03D375583","kigppphkaknhndejgcmckacpipcioacn":"07864736329B393AA00AC4E1166C917F15F4B05D9361467A5E9F2E324752A56B","kmendfapggjehodndflmmgagdbamhnfd":"5CACB9C2B37DD39CF927ABD345103924811FC7279E09AE20EF3D3A7579C698F9","lbnldfdnnhniifjjiakifofhdjangplj":"50BE277BB4B74E7A2240D6DFCE4EB6E1BE0EB2B5C3368FFD65D658A184E2FE3C","lccekmodgklaepjeofjdjpbminllajkg":"078A219715218E258DFCA75FE4340229D019DE1AD6C40AFD2FFD6B347DCDA9AB","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"4AA17C1D76DBF7567A2F2997088458E1D989BB124FB4CD1DBF91CB39EBCE8865","madakpajlmcpaodhfbekojajlhbdklol":"3E9ECA2BAEB4D96C0B79201FCCF960DF905B28863881DF006E6ACDFFD1252DD1","mfehgcgbbipciphmccgaenjidiccnmng":"93480DC5A7013FF3E8A76F03F933961EDE96D5D5891C5B70A427B6AD42FEA8D1","mfffpogegjflfpflabcdkioaeobkgjik":"E4BCAEFA9FCD34F88025CED398DB4BFEB35F304D1407CB540ACE1EB59CB63796","mgndgikekgjfcpckkfioiadnlibdjbkf":"A59F27FCCEDC4F2D14D25C9224040EEB5A9AE132DE861AB45DA33359BBC2DC4A","mhjfbmdgcfjbbpaeojofohoefgiehjai":"7783C2D9F59C744E4A55D2953362611D441884C1A443AA22810D7F2AB7DE2DD3","mphmcdpcokgeknmaineflodmagodpmdd":"F777007480DD06419218F294717EC32A24A45341A612B47C657CE5EF9767A1F5","nbpagnldghgfoolbancepceaanlmhfmd":"C62956CB9CEF99EA805CD0991FBC77498767C6AB0D036C35D211E4971ABAA569","neajdppkdcdipfabeoofebfddakdcjhd":"108CF62F21E3F98DDB5A0FE811DC9937E4622EE5C84251320D29324A01064839","nicjidfpofbnkackljcnpfkkpldenmna":"21C7313CA945DBDAE92CF9A0C6F2BE30B89C17107AE0758F9EB7CFDD6067CDCB","nkeimhogjdpnpccoofpliimaahmaaome":"0CB866DDB04566B0419DA8EA6BD68D3951115802249F6DE4616DB7243B35D6C9","nmmhkkegccagdldgiimedpiccmgmieda":"FDD7F3A7F148F9FD74A1C55C644F0FBD6970933F890E06B5BF3A63282658DD1B","npecfdijgoblfcgagoijgmgejmcpnhof":"05F883D2D6C7534F2B4034985E38170DB3877AFA3BCEBFE83F840ABE43ACB98C","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"97E1A03F3F4BB9DA8C8335E7C24ABC819680C09EBD606714402893CBECBFA9D9","pdfdcifbpbfgooijdefcahghfakaoiho":"63EC600379B9A7F0D056821709A2C0C87B4468DB5F017CA57846485C5CA3C3E1","pioclpoplcdbaefihamjohnefbikjilc":"701DE583F2E292F4D9E63BFD36563A5B6D1DC61DB63034C472CFC399F32E4F56","pjkljhegncpnkpknbcohdijeoejaedia":"888102E46F5CCBBC902937C0B9F1F56FD2E97B89F39AF77D4ECE5AF56A98E694","pmgikfapnoojlaolndpkpheiokbmboom":"2C7B45CDD16E294386CEA89640FC9501BE9EE48D41FE659278A6F79CF38B67D7","pminglaclldhniegaaacebbaojlkiipf":"CC25D3639E068E47BC136C53497B4EA21EF1137A1C393347B3636891286137A1"}},"google":{"services":{"last_username":"7983D94663E4D19506AA3B67E98DAF1459D3B13710DC5D784370B73A43A5FCEE","username":"09DD373713A6D51BAA153F364C8BF0A3A409A8BDF995245447487B5D5024C11D"}},"homepage":"2B1F04471D4A2CE41F99D156E2084541707455D23FD0166670104C86EB14A4FB","homepage_is_newtabpage":"9AAD02D6EA056CEE033F802092EA48ACC5919DC232E6066A35A802654B920F0F","pinned_tabs":"E1EC06AC6F26F1325856FE09BE4F33AFC0350CA07298A502FD8EED10BC502D1E","prefs":{"preference_reset_time":"9880786424E1F2887EA7EA8FAC9FBD9DBAAB24083EF262FB69212FAE7A078786"},"profile":{"reset_prompt_memento":"D454C4EB329DDC4262D78E019B658FE5D12C07B1BFA8CBBE39A6C0AC36EA4177"},"safebrowsing":{"incidents_sent":"1EB6397206869D3D3D8BFFDDD0D75C40293893F63448D76D9460BC113886C293"},"search_provider_overrides":"5466564DEF3294BCEA7CD450EBEF2212E048128AB0178CC7B7DA08AEF23C9244","session":{"restore_on_startup":"D6CAE79D92D6790CBC1128C7DA401D37869F347F8A6E5163A4A8D46104ECCF30","startup_urls":"02FF4FA9919EF47529F901C44118173FB8A049BB489E5DA2DF93A7C5B4D93CB0"},"software_reporter":{"prompt_reason":"3CD96DD350C0288AB4689B67415F10B7F87CFFAC87D7A2BFA97DB4597A736D72","prompt_seed":"3ED44F70713B3F42914D1B65CB6BB8EC7B5A46F8CD0B579CCE59309940748E20","prompt_version":"5EA6E0C533C5E905BE40F4C1F0F32202476F208E301551234FEE99D521EB8B70"},"sync":{"remaining_rollback_tries":"F54C0AADDB3E9A7FE2EDADD84A90C0C49F0ED2E181217C18801A58BDE5AD9437"}},"super_mac":"6B6168424D2029351C675C488FA8C60F845780C6D0C71BD1E236809FF5FC2B02"},"session":{"restore_on_startup":4,"startup_urls":["http://search.conduit.com/?ctid=CT3307181&SearchSource=48&CUI=UN22338228752630220&UM=2]},"sync":{"remaining_rollback_tries":0}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{85A60A59-D3D8-468F-B598-FB4393789EF4}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?pc=COSP&ptag=D052815-A6EC39D5B4CB74905A0F&form=CONBDF&conlogo=CT3332023&q={searchTerms}" {85A60A59-D3D8-468F-B598-FB4393789EF4} Google Url="https://www.google.com/search?q={searchTerms}" {8D28C696-8056-4DAB-A0AA-FCD90566083B} BenefitBar Url="http://search.benefitbar.com/benefitbar/search/www.php?tid=a1286&sch={searchTerms}" {A23192B1-6485-4AF8-903F-2B86AFF77621} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\netsight@nielsen.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A2DEC29-333B-408B-B31B-0B34D73EBA4C} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\robert\AppData\Local\Mozilla\Firefox\Profiles\muvsixbz.default-1432833818749\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=114 folders=49 19995105 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\robert\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\robert\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on Fri 05/29/2015 at 16:21:18.64 ====================== -
Malwarebytes chrashes on threat removal
robertmccartney replied to robertmccartney's topic in Resolved Malware Removal Logs
after, when it says, remove threats -
When i run the trial of pro, and it goes thru the scan, and i go to remove the 80+ threats, it crasshes and i get this message...error dialog showing ‘Malwarebytes Anti-Malware has stopped working’ and Windows suggest to check online for a solution and close the program or Close the program, Of course it never finds a solution! I have removed the program 2 times using the removal tool, and downloading and installing fresh files, this is still happening! Any suggestions would be gratly appreciated as I have no clue. I have read about every post and FAQ in this forum before joining, hoping to find a resolution! oh yea i am a novice at computers and data and files, I am a simple man! I have also ran the antiroot toolkit, with nothing found, i have also used teh chameleon software, with the same exact results as using teh pro version Addition.txt FRST.txt
-
ok thank you
-
I have also ran the antiroot toolkit, with nothing found, i have also used teh chameleon software, with the same exact results
-
When i run the trial of pro, and it goes thru the scan, and i go to remove the 80+ threats, it crasshes and i get this message...error dialog showing ‘Malwarebytes Anti-Malware has stopped working’ and Windows suggest to check online for a solution and close the program or Close the program, Of course it never finds a solution! I have removed the program 2 times using the removal tool, and downloading and installing fresh files, this is still happening! Any suggestions would be gratly appreciated as I have no clue. I have read about every post and FAQ in this forum before joining, hoping to find a resolution! oh yea i am a novice at computers and data and files, I am a simple man!