Jump to content

Docfxit

Honorary Members
  • Posts

    56
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

3,042 profile views
  1. I uninstalled MBAM from a new user with Total Uninstall. After MBAM finished the Uninstall, Total Uninstall found and deleted the remaining items: I ran MBAM clean. I installed MBAM. It installed and ran fine. I logged off that user and logged into my normal user. It ran fine. That seemed to fix the problem. I have run the Uninstall procedure exactly as above in my normal user before and it didn't fix the problem. Thank you very much for discovering the solution. Docfxit
  2. Thank you for looking into this further. Docfxit FRST.txt mb-check-results.zip
  3. I have done a clean boot. I am getting the same error when I install Malwarebytes. Thanks for the help. Docfxit
  4. I ran Malwarebytes Anti-Rootkit. Log files attached. I ran Clean mbam-clean-2.3.0.1001.exe. I installed Malwarebytes mb3-setup-consumer-3.2.2.2018.exe I'm getting an error when I start Malwarebytes: Thanks for the help. Docfxit mbar-log-2017-09-01 (05-33-36).txt system-log.txt
  5. I ran FRST as you requested. I have attached the results in post #8. I'm waiting for the next instruction from you to get Malwarebytes working. Thank you, Docfxit
  6. I found the following files related to Chrome. I have removed them. C:\Programs\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx C:\Programs\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\com.foxit.chromeaddin-win.json C:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\manifest.json C:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx C:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\wcchromeextn.crx C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\wcchromenativemessaginghost Docfxit
  7. I found in the registry the following entries. I have removed them. Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\CNS\] "IgnoreGoogleChrome"="False" [HKEY_CURRENT_USER\Software\Google\Chrome\] [HKEY_CURRENT_USER\Software\Google\Chrome\\Extensions] [HKEY_CURRENT_USER\Software\Google\Chrome\\NativeMessagingHosts] [HKEY_CURRENT_USER\Software\Google\Chrome\\NativeMessagingHosts\com.webex.meeting] @="C:\\Users\\Gary\\AppData\\Local\\WebEx\\ChromeNativeHost\\manifest.json" [HKEY_CURRENT_USER\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):C0,DE,59,BC,67,D7,D2,01 [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\] "ap"="-dev-multi-chrome" [HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\] "ap"="2.0-dev-multi-chrome" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString\] "Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\] [HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Shockwave 12\3rdptycode\DeclineCount\Chrome\] "count"="12" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\] [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl] "update_url"="https://clients2.google.com/service/update2/crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci] "version"="8.1.0.1" "path"="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\ChromeAddin.crx" "update_url"="https://clients2.google.com/service/update2/crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] "path"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\WCChromeExtn.crx" "update_url"="https://clients2.google.com/service/update2/crx" "version"="11.0.6.70" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\Extensions\gannpgaobkkhmpomoijebaigcapoeebl] "update_url"="https://clients2.google.com/service/update2/crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts] [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapture] @="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\manifest.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts\com.bitdefender.wallet.v19] @="C:\\Programs\\Bitdefender\\Bitdefender 2017\\bdwtxcr.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\\NativeMessagingHosts\com.foxit.chromeaddin] @="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\com.foxit.chromeaddin-win.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until\] "Irfan Skiljan"=dword:013377BB "Hewlett-Packard Development Company, LP"=dword:0133C839 "Piriform Ltd"=dword:0133C968 "SUPERAntiSpyware"=dword:0133EC8C [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP LaserJet M603 PCL6 #1\DsDriver\] "printBinNames"=hex(7):20,00,41,00,75,00,74,00,6F,00,6D,00,61,00,74,00,69,00,63,00,61,00,6C,00,6C,00,79,00,20,00,53,00,65,00,6C,00,65,00,63,00,74,00,00,00,20,00,50,00,72,00,69,00,6E,00,74,00,65,00,72,00,20,00,61,00,75,00,74,00,6F,00,20,00,73,00,65,00,6C,00,65,00,63,00,74,00,00,00,20,00,4D,00,61,00,6E,00,75,00,61,00,6C,00,20,00,46,00,65,00,65,00,64,00,20,00,69,00,6E,00,20,00,54,00,72,00,61,00,79,00,20,00,31,00,00,00,20,00,54,00,72,00,61,00,79,00,20,00,31,00,00,00,20,00,54,00,72,00,61,00,79,00,20,00,32,00,00,00,20,00,45,00,6E,00,76,00,65,00,6C,00,6F,00,70,00,65,00,20,00,46,00,65,00,65,00,64,00,65,00,72,00,00,00,55,00,6E,00,73,00,70,00,65,00,63,00,69,00,66,00,69,00,65,00,64,00,00,00,50,00,6C,00,61,00,69,00,6E,00,00,00,50,00,72,00,65,00,70,00,72,00,69,00,6E,00,74,00,65,00,64,00,00,00,4C,00,65,00,74,00,74,00,65,00,72,00,68,00,65,00,61,00,64,00,00,00,4D,00,6F,00,6E,00,6F,00,63,00,68,00,72,00,6F,00,6D,00,65,00,20,00,4C,00,61,00,73,00,65,00,72,00,20,00,54,00,72,00,61,00,6E,00,73,00,70,00,00,00,50,00,72,00,65,00,70,00,75,00,6E,00,63,00,68,00,65,00,64,00,00,00,4C,00,61,00,62,00,65,00,6C,00,73,00,00,00,42,00,6F,00,6E,00,64,00,00,00,52,00,65,00,63,00,79,00,63,00,6C,00,65,00,64,00,00,00,43,00,6F,00,6C,00,6F,00,72,00,65,00,64,00,00,00,4C,00,69,00,67,00,68,00,74,00,20,00,36,00,30,00,2D,00,37,00,34,00,67,00,00,00,43,00,61,00,72,00,64,00,73,00,74,00,6F,00,63,00,6B,00,20,00,31,00,37,00,36,00,2D,00,32,00,32,00,30,00,67,00,00,00,52,00,6F,00,75,00,67,00,68,00,00,00,48,00,50,00,20,00,45,00,63,00,6F,00,53,00,4D,00,41,00,52,00,54,00,20,00,4C,00,69,00,74,00,65,00,00,00,52,00,65,00,74,00,61,00,69,00,6C,00,20,00,53,00,68,00,65,00,6C,00,66,00,20,00,45,00,64,00,67,00,65,00,20,00,4C,00,61,00,62,00,65,00,6C,00,00,00,45,00,6E,00,76,00,65,00,6C,00,6F,00,70,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP LaserJet M603 PCL6 #2\DsDriver\] "printBinNames"=hex(7):20,00,41,00,75,00,74,00,6F,00,6D,00,61,00,74,00,69,00,63,00,61,00,6C,00,6C,00,79,00,20,00,53,00,65,00,6C,00,65,00,63,00,74,00,00,00,20,00,50,00,72,00,69,00,6E,00,74,00,65,00,72,00,20,00,61,00,75,00,74,00,6F,00,20,00,73,00,65,00,6C,00,65,00,63,00,74,00,00,00,20,00,4D,00,61,00,6E,00,75,00,61,00,6C,00,20,00,46,00,65,00,65,00,64,00,20,00,69,00,6E,00,20,00,54,00,72,00,61,00,79,00,20,00,31,00,00,00,20,00,54,00,72,00,61,00,79,00,20,00,31,00,00,00,20,00,54,00,72,00,61,00,79,00,20,00,32,00,00,00,20,00,45,00,6E,00,76,00,65,00,6C,00,6F,00,70,00,65,00,20,00,46,00,65,00,65,00,64,00,65,00,72,00,00,00,55,00,6E,00,73,00,70,00,65,00,63,00,69,00,66,00,69,00,65,00,64,00,00,00,50,00,6C,00,61,00,69,00,6E,00,00,00,50,00,72,00,65,00,70,00,72,00,69,00,6E,00,74,00,65,00,64,00,00,00,4C,00,65,00,74,00,74,00,65,00,72,00,68,00,65,00,61,00,64,00,00,00,4D,00,6F,00,6E,00,6F,00,63,00,68,00,72,00,6F,00,6D,00,65,00,20,00,4C,00,61,00,73,00,65,00,72,00,20,00,54,00,72,00,61,00,6E,00,73,00,70,00,00,00,50,00,72,00,65,00,70,00,75,00,6E,00,63,00,68,00,65,00,64,00,00,00,4C,00,61,00,62,00,65,00,6C,00,73,00,00,00,42,00,6F,00,6E,00,64,00,00,00,52,00,65,00,63,00,79,00,63,00,6C,00,65,00,64,00,00,00,43,00,6F,00,6C,00,6F,00,72,00,65,00,64,00,00,00,4C,00,69,00,67,00,68,00,74,00,20,00,36,00,30,00,2D,00,37,00,34,00,67,00,00,00,43,00,61,00,72,00,64,00,73,00,74,00,6F,00,63,00,6B,00,20,00,31,00,37,00,36,00,2D,00,32,00,32,00,30,00,67,00,00,00,52,00,6F,00,75,00,67,00,68,00,00,00,48,00,50,00,20,00,45,00,63,00,6F,00,53,00,4D,00,41,00,52,00,54,00,20,00,4C,00,69,00,74,00,65,00,00,00,52,00,65,00,74,00,61,00,69,00,6C,00,20,00,53,00,68,00,65,00,6C,00,66,00,20,00,45,00,64,00,67,00,65,00,20,00,4C,00,61,00,62,00,65,00,6C,00,00,00,45,00,6E,00,76,00,65,00,6C,00,6F,00,70,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP LaserJet M603 PCL6 #3\DsDriver\] "printBinNames"=hex(7):20,00,41,00,75,00,74,00,6F,00,6D,00,61,00,74,00,69,00,63,00,61,00,6C,00,6C,00,79,00,20,00,53,00,65,00,6C,00,65,00,63,00,74,00,00,00,20,00,50,00,72,00,69,00,6E,00,74,00,65,00,72,00,20,00,61,00,75,00,74,00,6F,00,20,00,73,00,65,00,6C,00,65,00,63,00,74,00,00,00,20,00,4D,00,61,00,6E,00,75,00,61,00,6C,00,20,00,46,00,65,00,65,00,64,00,20,00,69,00,6E,00,20,00,54,00,72,00,61,00,79,00,20,00,31,00,00,00,20,00,54,00,72,00,61,00,79,00,20,00,31,00,00,00,20,00,54,00,72,00,61,00,79,00,20,00,32,00,00,00,20,00,45,00,6E,00,76,00,65,00,6C,00,6F,00,70,00,65,00,20,00,46,00,65,00,65,00,64,00,65,00,72,00,00,00,55,00,6E,00,73,00,70,00,65,00,63,00,69,00,66,00,69,00,65,00,64,00,00,00,50,00,6C,00,61,00,69,00,6E,00,00,00,50,00,72,00,65,00,70,00,72,00,69,00,6E,00,74,00,65,00,64,00,00,00,4C,00,65,00,74,00,74,00,65,00,72,00,68,00,65,00,61,00,64,00,00,00,4D,00,6F,00,6E,00,6F,00,63,00,68,00,72,00,6F,00,6D,00,65,00,20,00,4C,00,61,00,73,00,65,00,72,00,20,00,54,00,72,00,61,00,6E,00,73,00,70,00,00,00,50,00,72,00,65,00,70,00,75,00,6E,00,63,00,68,00,65,00,64,00,00,00,4C,00,61,00,62,00,65,00,6C,00,73,00,00,00,42,00,6F,00,6E,00,64,00,00,00,52,00,65,00,63,00,79,00,63,00,6C,00,65,00,64,00,00,00,43,00,6F,00,6C,00,6F,00,72,00,65,00,64,00,00,00,4C,00,69,00,67,00,68,00,74,00,20,00,36,00,30,00,2D,00,37,00,34,00,67,00,00,00,43,00,61,00,72,00,64,00,73,00,74,00,6F,00,63,00,6B,00,20,00,31,00,37,00,36,00,2D,00,32,00,32,00,30,00,67,00,00,00,52,00,6F,00,75,00,67,00,68,00,00,00,48,00,50,00,20,00,45,00,63,00,6F,00,53,00,4D,00,41,00,52,00,54,00,20,00,4C,00,69,00,74,00,65,00,00,00,52,00,65,00,74,00,61,00,69,00,6C,00,20,00,53,00,68,00,65,00,6C,00,66,00,20,00,45,00,64,00,67,00,65,00,20,00,4C,00,61,00,62,00,65,00,6C,00,00,00,45,00,6E,00,76,00,65,00,6C,00,6F,00,70,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EA1613833271DD4F9B087368A178752\] "68AB67CA3301FFFF7706000000000060"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\WCChromeExtn.crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EA1613833271DD4F9B087368A178752\68AB67CA3301FFFF7706000000000060\] "File"="wcchromeextn.crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FC30C985A00E31439F18CED70F7C4D2\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\CadetBlue\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FC30C985A00E31439F18CED70F7C4D2\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\CadetBlue\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3067F926ED9912F4391E40C69F477209\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Lime\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3067F926ED9912F4391E40C69F477209\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Lime\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33B533CFD632FF7428FB3891655FA451\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Yellow\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33B533CFD632FF7428FB3891655FA451\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Yellow\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\343D50647180F14459BFC76A6122977B\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Orange\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\343D50647180F14459BFC76A6122977B\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Orange\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37DD4111200875F4B8756F5ABD40035E\] "AB9798B344027E11BAF100C092297F90"="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\com.foxit.chromeaddin-win.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CCE4EA4F9F732646AD2A1AA3B087648\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Coral\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CCE4EA4F9F732646AD2A1AA3B087648\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Coral\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52A21DC39D4797E4E972C8D885C9B231\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\LtGreen\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52A21DC39D4797E4E972C8D885C9B231\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\LtGreen\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\578936055B216AE4DAFA7DC3EA79B34D\] "AB9798B344027E11BAF100C092297F90"="02:\\SOFTWARE\\Google\\Chrome\\Extensions\\cifnddnffldieaamihfkhkdgnbhfmaci\\version" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AFCC90E834E09C45A8DFAB7E2FF5193\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Turquoise\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AFCC90E834E09C45A8DFAB7E2FF5193\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Turquoise\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61251F5CF4248F4489B1B7E0C5220BC4\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Green\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61251F5CF4248F4489B1B7E0C5220BC4\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Green\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\645A167E628A75642BA766D2E84567A8\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Violet\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\645A167E628A75642BA766D2E84567A8\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Violet\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A39D73AC12816D47B7EBD74A5067E96\] "68AB67CA3301FFFF7706000000000060"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCFirefoxExtn\\chrome\\WCFirefoxExtn.jar" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F4B94CEDBF699E5C90BC62EAD98988B\] "3E6B44056D19765469E3842D283A1A78"="C:\\Program Files\\HP\\HP Officejet Pro 8620\\Bin\\HPGoogleChromeLauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8934E9945CB43D94C9EC887EC3C55EA9\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Blue\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8934E9945CB43D94C9EC887EC3C55EA9\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Blue\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C7377BE780A4884B870276E2535E0D2\] "AB9798B344027E11BAF100C092297F90"="C:\\PROGRAMS\\FOXIT SOFTWARE\\Foxit PhantomPDF\\plugins\\Creator\\ChromeAddin\\ChromeAddin.crx" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADF62504436AD264FA2F306EA479E133\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Fuschia\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADF62504436AD264FA2F306EA479E133\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Fuschia\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA5E0F0678B149145A46218F4B8D793F\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\DarkGray\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA5E0F0678B149145A46218F4B8D793F\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\DarkGray\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC014E78EBBAA174094E0E7324C9590D\] "68AB67CA3301FFFF7706000000000060"="C:\\Programs\\Adobe\\Acrobat 11.0\\Acrobat\\Browser\\WCChromeExtn\\WCChromeNativeMessagingHost.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC014E78EBBAA174094E0E7324C9590D\68AB67CA3301FFFF7706000000000060\] "File"="wcchromenativemessaginghost." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D640AB7A350A0A2458874CE283D9E054\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Purple\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D640AB7A350A0A2458874CE283D9E054\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Purple\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED6E53275F6B9934F87DF1325224B8AD\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\BlueSteel\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED6E53275F6B9934F87DF1325224B8AD\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\BlueSteel\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC4E4D879034D34A9E3F22C9A93B8EF\] "DA4014246CEBD144DA9E6F66F2EE4AAB"="C:\\Programs\\Intuit\\QuickBooks 2014\\Components\\Skin\\nirvana\\Chrome\\Red\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC4E4D879034D34A9E3F22C9A93B8EF\] "1F10E25BE43D18345B0982FD3F0C6B74"="C:\\Programs\\QuickBooks 2017\\Components\\Skin\\nirvana\\Chrome\\Red\\frameBottom.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\OSD\TouchPad\AppProfiles\Google Chrome\] "AppExe"="chrome.exe" "AppFriendlyName"="Google Chrome" [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\PlugInConfig\TouchPad\AppProfiles\Google Chrome\] [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\PlugInConfig\TouchPad\AppProfiles\Google Chrome\\3FingerGestures] "ConfigID7KeyMacroV001"="ConfigID7KeyMacroBin" "ConfigID3KeyMacroV001"="ConfigID3KeyMacroBin" "ConfigID7KeyMacroBin"=hex(3):01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,09,04,09,04,00,00,00,00,09,04,00,00,00,00,00,00,01,00,00,00,00,00,00,00,12,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,01,00,38,20,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,25,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,01,00,4B,21,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,25,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,4B,E1,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,12,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,38,C0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "ConfigID3KeyMacroBin"=hex(3):01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,09,04,09,04,00,00,00,00,09,04,00,00,00,00,00,00,01,00,00,00,00,00,00,00,12,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,01,00,38,20,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,27,00,00,00,02,00,00,00,00,00,00,00,00,00,00,00,01,00,4D,21,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,27,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,4D,E1,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,12,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,38,C0,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\WindowsDatabase\Chrome_RenderWidgetHostHWND\] [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTPEnh\WindowsDatabase\Chrome_RenderWidgetHostHWND\\Win8] "iFlags"=dword:20081002 [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults\AppProfiles\Google Chrome\] [HKEY_LOCAL_MACHINE\SOFTWARE\Synaptics\SynTP\Defaults\AppProfiles\Google Chrome\\3FingerGestures] "ActionID1"=dword:0000001C "ActionID3"=dword:0000001C "ActionID5"=dword:0000001C "ActionID7"=dword:0000001C [HKEY_USERS\.DEFAULT\Software\Google\Chrome\] [HKEY_USERS\.DEFAULT\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):A6,DB,8B,BC,67,D7,D2,01 [HKEY_USERS\S-1-5-19\Software\Google\Chrome\] [HKEY_USERS\S-1-5-19\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):20,40,5C,BC,67,D7,D2,01 [HKEY_USERS\S-1-5-20\Software\Google\Chrome\] [HKEY_USERS\S-1-5-20\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):20,40,5C,BC,67,D7,D2,01 [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1003\Software\Google\Chrome\] [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1003\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):85,B7,84,BC,67,D7,D2,01 [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1003\Software\TeamViewer\] "Buddy_QuickPresExclusions"=hex(7):4E,00,65,00,76,00,65,00,72,00,77,00,69,00,6E,00,74,00,65,00,72,00,2E,00,65,00,78,00,65,00,00,00,63,00,68,00,72,00,6F,00,6D,00,65,00,2E,00,65,00,78,00,65,00,00,00,64,00,65,00,76,00,65,00,6E,00,76,00,2E,00,65,00,78,00,65,00,00,00,65,00,76,00,6F,00,6C,00,75,00,74,00,69,00,6F,00,6E,00,2E,00,65,00,78,00,65,00,00,00,6D,00,65,00,64,00,69,00,61,00,6D,00,6F,00,6E,00,6B,00,65,00,79,00,2E,00,65,00,78,00,65,00,00,00,6D,00,73,00,6E,00,6D,00,73,00,67,00,72,00,2E,00,65,00,78,00,65,00,00,00,6F,00,70,00,65,00,72,00,61,00,2E,00,65,00,78,00,65,00,00,00,70,00,73,00,72,00,2E,00,65,00,78,00,65,00,00,00,73,00,75,00,70,00,65,00,72,00,2E,00,65,00,78,00,65,00,00,00,76,00,73,00,77,00,69,00,6E,00,65,00,78,00,70,00,72,00,65,00,73,00,73,00,2E,00,65,00,78,00,65,00,00,00,76,00,77,00,64,00,65,00,78,00,70,00,72,00,65,00,73,00,73,00,2E,00,65,00,78,00,65,00,00,00,77,00,64,00,65,00,78,00,70,00,72,00,65,00,73,00,73,00,2E,00,65,00,78,00,65,00,00,00,77,00,6C,00,6D,00,61,00,69,00,6C,00,2E,00,65,00,78,00,65,00,00,00,77,00,6C,00,78,00,70,00,68,00,6F,00,74,00,6F,00,67,00,61,00,6C,00,6C,00,65,00,72,00,79,00,2E,00,65,00,78,00,65,00,00,00,00,00 [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1004\Software\Google\Chrome\] [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-1004\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):E3,0D,74,BC,67,D7,D2,01 [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-500\Software\Google\Chrome\] [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-500\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):A2,C5,65,BC,67,D7,D2,01 [HKEY_USERS\S-1-5-21-33363916-3624155930-1669969999-500\Software\TeamViewer\] "Buddy_QuickPresExclusions"=hex(7):4E,00,65,00,76,00,65,00,72,00,77,00,69,00,6E,00,74,00,65,00,72,00,2E,00,65,00,78,00,65,00,00,00,62,00,63,00,73,00,79,00,73,00,33,00,32,00,2E,00,65,00,78,00,65,00,00,00,63,00,61,00,64,00,76,00,61,00,6E,00,63,00,65,00,2E,00,65,00,78,00,65,00,00,00,63,00,68,00,72,00,6F,00,6D,00,65,00,2E,00,65,00,78,00,65,00,00,00,64,00,65,00,76,00,65,00,6E,00,76,00,2E,00,65,00,78,00,65,00,00,00,65,00,63,00,6C,00,69,00,70,00,73,00,65,00,2E,00,65,00,78,00,65,00,00,00,65,00,76,00,6F,00,6C,00,75,00,74,00,69,00,6F,00,6E,00,2E,00,65,00,78,00,65,00,00,00,6D,00,65,00,64,00,69,00,61,00,6D,00,6F,00,6E,00,6B,00,65,00,79,00,2E,00,65,00,78,00,65,00,00,00,6D,00,73,00,6E,00,6D,00,73,00,67,00,72,00,2E,00,65,00,78,00,65,00,00,00,6F,00,65,00,6D,00,2E,00,65,00,78,00,65,00,00,00,6F,00,70,00,65,00,72,00,61,00,2E,00,65,00,78,00,65,00,00,00,70,00,73,00,72,00,2E,00,65,00,78,00,65,00,00,00,73,00,75,00,70,00,65,00,72,00,2E,00,65,00,78,00,65,00,00,00,74,00,65,00,61,00,6D,00,76,00,69,00,65,00,77,00,65,00,72,00,2E,00,65,00,78,00,65,00,00,00,76,00,73,00,77,00,69,00,6E,00,65,00,78,00,70,00,72,00,65,00,73,00,73,00,2E,00,65,00,78,00,65,00,00,00,76,00,77,00,64,00,65,00,78,00,70,00,72,00,65,00,73,00,73,00,2E,00,65,00,78,00,65,00,00,00,77,00,64,00,65,00,78,00,70,00,72,00,65,00,73,00,73,00,2E,00,65,00,78,00,65,00,00,00,77,00,6C,00,6D,00,61,00,69,00,6C,00,2E,00,65,00,78,00,65,00,00,00,77,00,6C,00,78,00,70,00,68,00,6F,00,74,00,6F,00,67,00,61,00,6C,00,6C,00,65,00,72,00,79,00,2E,00,65,00,78,00,65,00,00,00,00,00 [HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Google\Chrome\] [HKEY_USERS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Google\Chrome\\TriggeredReset] "ToolName"="Microsoft Windows Malicious Software Removal Tool - May 2017 " "Timestamp"=hex(B):20,40,5C,BC,67,D7,D2,01
  8. A few days ago I tried uninstalling Google Chrome when you asked it I had installed the developers edition. I have looked to find it. I don't see it in Programs and Features to uninstall. I have done a search for chrome.*, Google.*. I have have run the chrome_cleanup_tool.exe and found nothing. Please let me know where it is so I can remove it. I don't see a Fixlog.txt any place on my PC. I have run FRST with the scan option. Attached are the logs. Thank you, Docfxit FRST.txt Addition.txt
  9. I do have a lot of programs installed. I do support a lot of people. I did not rename FRST.exe I did configure socks=127.0.0.1 port 1080. I'm not using it right now. I use when I go to a public hotspot to SSH into my work desktop. The work desktop re-routs me out to the internet securely. I did not opt for Google Chrome Developer build. I don't like Chrome and I don't want it on this PC. Where did you find it? I have Uninstalled: Absolute Uninstaller 5.3.1.21 Glary Undelete 5.0.1.19 Glary Utilities 5.78 I have followed your instructions for Step #2 Log attached. I have followed your instructions for Step #3 Log attached. I have followed your instructions for Step #4 Log attached. Thank you very much for helping me clean this computer. Docfxit FRST.txt AdwCleaner[C0].txt log.txt
  10. I have finished running Malwarebytes Anti-Rootkit Thank you, Docfxit mbar-log-2017-08-20 (08-57-23).txt system-log.txt
  11. Thank you for working on this for me. After extracting the files and before running the program I received this window: I will think I should press Yes. Docfxit
  12. When I try to start Malwarebytes I get this error: http:// I have tried uninstalling Malwarebytes. Re-Installing Malwarebytes. I have tried running the clean program after uninstalling. I have tried rebooting. I have downloaded the latest version of Farbar and run the scan. Please let me know what I should do to get Malwarebytes running. Thank you, Docfxit Addition.txt FRST.txt
  13. I am getting PUP notifications that show up every time I run Malwarebytes even though I select them and remove them. What can I do to remove them permanently? Thank you, Docfxit mbam-log-2017-01-13 (16-06-20).7z
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.