
Annoying Services Reference


#1
Ste

  • Member
  • 227 posts

Hi, this is probably an easy one for somebody. I’ve attached an image of a registry scan using the free CCleaner. I have noticed that each time I do the scan references to Malwarebytes show up yet it was uninstalled some time ago.

 

I have tried to remove this reference to Malwarebytes from ‘Services’ but there is no option to do so: "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

Though it does not seem harmful in any way it is annoying. Can someone tell me how to get rid of it? Thanks.

 

Attached Thumbnails

  • Malwarebytes.jpg

  • 0
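
The situation described in the post above, a service entry whose ImagePath still points at a binary that an uninstall removed, can be checked for every service at once, not only the Malwarebytes one. The read-only PowerShell below is an added example, not part of the original thread and not code from FRST or CCleaner; the helper name Resolve-ImagePath is hypothetical, and it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: report services whose registered binary no longer exists.
# Read-only. Run in an elevated 64-bit PowerShell session so that
# System32 paths are not redirected and every service key is readable.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {   # hypothetical helper name
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    # Quoted form ("C:\Program Files\...\svc.exe" -arg): keep the quoted part.
    # Unquoted form: cut after the first .exe/.sys/.dll to drop arguments.
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]
    }
    # Driver-style prefixes: \??\C:\..., \SystemRoot\..., system32\...
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\(.+)$') {
        $p = Join-Path $env:SystemRoot $Matches[1]
    } elseif ($p -match '^system32\\') {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if (-not $props.ImagePath) { return }   # key has no binary registered
    $file = Resolve-ImagePath $props.ImagePath
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $props.Start   # 2 = automatic, 3 = manual, 4 = disabled
            ImagePath = $props.ImagePath
        }
    }
} | Format-Table -AutoSize -Wrap
```

A listed entry is a candidate for review, not proof of an orphan: confirm the path by hand before removing anything.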



#2
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

Not sure whether this tool still fully removes current versions of Malwarebytes or not, but may be worth a try .... https://forums.malwa...emoval-process/

 

If not, get back to me, and we'll see if we can remove any remnants manually.


  • 0

#3
Ste

  • Topic Starter
  • Member
  • 227 posts

Hi, thanks for your response. I tried but it hasn't made any difference. If I click on properties of the 'Malwarebytes Services' I find it to be on 'Auto'. If I click on disable it says 'Access is denied'.


  • 0

#4
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

OK, let's see what remnants of Malwarebytes are on your machine using FRST, and then we'll see if we can remove them using it.

 

 

  • If you have a 32 bit system Download FRST to your Desktop.
  • If you have a 64 bit system Download FRST64 to your Desktop.
  • If you don't know whether your system is 32 bit or 64 bit, download both. Only one will run on your machine. That's the one to use.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

SearchAll:Malwarebytes;mbamservice.exe

  • Press the Search Files button. The search may take quite some time to complete (usually about 20-30 mins on my machine) as it looks for any files, folders and registry entries with the search criteria given.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

  • 0

#5
Ste

  • Topic Starter
  • Member
  • 227 posts

Hi, thanks again, file attached.

Attached Files

  • Attached File  FRST.txt   64.14KB   35 downloads

  • 0

#6
Ste

  • Topic Starter
  • Member
  • 227 posts

And this...


  • 0

#7
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

Looks like you hit the Scan button rather than the File Search button, because the log you've posted is a FRST.txt log, and what I need to see is the Search.txt log that my previous instructions would have produced.

 

It's easily done if you're not paying total attention, I know because I've done it myself.

 

So please try again, and post me the Search.txt log.


  • 0

#8
Ste

  • Topic Starter
  • Member
  • 227 posts

Hi, I did get two files and thought I had uploaded both. Looks like I didn't, is this the right one? (Attached).

Attached Files


  • 0

#9
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

No, that's the Addition.txt that would have been generated along with the Frst.txt when you hit the Scan button instead of the Search Files button.

 

Please just run the Search again that I asked you to run in post #4 ... http://www.geekstogo...e/#entry2656308... and this time pay particular attention to what I've actually written.

 

If you do things correctly, FRST will produce a log titled Search.txt and that's the one I want to see. Anything named differently is not going to be of any use.


  • 0

#10
Ste

  • Topic Starter
  • Member
  • 227 posts

Hi, yes, I had clicked scan instead of search, my fault. I presume this is the one you want though it was just named 'search' on the desktop? (attached).

Attached Files


  • 0



#11
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

OK, now let's see if Frst can remove your Malwarebytes orphans.
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the contents of the box below into it  ....
C:\ProgramData\Malwarebytes' Anti-Malware
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2446F405-83F0-460F-B837-F04540BB330C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\mbam.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\MBAMService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\mbamtray.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes' Anti-Malware]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MbamElam]
[-HKEY_USERS\.DEFAULT\Software\Malwarebytes]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Malwarebytes]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Malwarebytes]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7c61d98a_0|
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8d0525ca_0|
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\dcaa8608_0|
DeleteValue:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0462E881|AppFullPath
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


 

 


  • 0

#12
Ste

  • Topic Starter
  • Member
  • 227 posts

Hi, file attached. As the file seemed to be empty I ran CCleaner and the Malwarebytes leftovers have gone; great. Now I have noticed some AVG references. I don't want to keep you on this one but can you tell me the search criteria for such files, i.e. SearchAll:Malwarebytes;mbamservice.exe? Should I simply replace 'Malwarebytes' by 'AVG' as I see there are about 3 files in 'services'?

 

Even though they were uninstalled these remnants are from programs I inadvertently downloaded with other programs and it would be good to know for the future.

Attached Files


  • 0

#13
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

Doesn't look like you have created a fixlist, because if you had it would have shown in the fixlog, followed by a list of how successfully each item in the list had been processed. An empty log like the one you've posted is usually because no fixlist was saved and therefore FRST had nothing to process.

 

Please run the fix again paying close attention to each instruction, and then post me the new fixlog.txt created.

 

If we get another empty fixlog, then I'll give you a different set of instructions to follow.

 

We'll take care of your AVG entries once I'm sure that the Malwarebytes entries have been successfully removed, because as things stand I'm not confident that they have been.


  • 0

#14
Ste

  • Topic Starter
  • Member
  • 227 posts

Hi, this time it seems to include the information. File attached.

Attached Files


  • 0

#15
Gary R

    Trusted Helper

  • Malware Removal
  • 404 posts

Well the Registry entries all appear to have been removed successfully, however there's a question over whether the folder I scripted for removal was present or not, so I'd like to try again with that.

So ....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it  ....
C:\ProgramData\Malwarebytes' Anti-Malware (portable)
C:\ProgramData\Malwarebytes*
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

At this point we might as well see what AVG orphans FRST can find as well ..... so .....

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.
SearchAll:avg
  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post that in your next reply as well as the new fixlog.

  • 0





