Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Annoying Services Reference

- - - - -

  • Please log in to reply

#16
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

Hi, both attached..

Attached Files


  • 0

Advertisements


#17
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

OK, the Malwarebytes folder has now been removed, so lets see how we get on with AVG now ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it  ....
C:\Windows\System32\avgBoot.exe
C:\Windows\System32\drivers\avgArDisk.sys
C:\Windows\System32\drivers\avgArPot.sys
C:\Windows\System32\drivers\avgbidsdriver.sys
C:\Windows\System32\drivers\avgbidsh.sys
C:\Windows\System32\drivers\avgbuniv.sys
C:\Windows\System32\drivers\avgElam.sys
C:\Windows\System32\drivers\avgKbd.sys
C:\Windows\System32\drivers\avgMonFlt.sys
C:\Windows\System32\drivers\avgNetHub.sys
C:\Windows\System32\drivers\avgRdr2.sys
C:\Windows\System32\drivers\avgRvrt.sys
C:\Windows\System32\drivers\avgSnx.sys
C:\Windows\System32\drivers\avgSP.sys
C:\Windows\System32\drivers\avgStm.sys
C:\Windows\System32\drivers\avgVmm.sys
C:\Windows\ELAMBKUP\avgElam.sys
C:\ProgramData\AVG
C:\Windows\System32\Tasks\AVG
C:\Users\Steve\AppData\Roaming\AVG
C:\Program Files\Common Files\AVG
EmptyTemp:
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\00avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgPersistentStorage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\AVGSvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\AVGUI.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50363F55-289C-4BB1-825A-38B108C1F3E9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgArDisk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgArPot]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbdisk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbIDSAgent]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbidsdriver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbidsh]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbuniv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgElam]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgKbd]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgMonFlt]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgNetHub]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgRdr]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgRvrt]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgSnx]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgSP]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgStm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgVmm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgWscReporter]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\AVG]
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}|DllName
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{18A975F9-A60C-37D8-E30B-4BEF31AD3411}|DISPLAYNAME
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{18A975F9-A60C-37D8-E30B-4BEF31AD3411}|PRODUCTEXE
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{18A975F9-A60C-37D8-E30B-4BEF31AD3411}REPORTINGEXE
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AVGUI.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVGUI.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{472083B1-C522-11CF-8763-00608CC02F24}
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\WicaAvPathsExpiredTemp|1
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


 

 


  • 0

#18
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

Hi, not had much luck with the AVG cleanup. I followed the instructions and the fixlog file was produced with the message that a restart was necessary. On trying a reboot I got a blue screen and after several tries I had received the following messages: ‘Your pc ran into a problem..stop code inaccessible boot device’

‘Error code  9xc000000e’

A required device isn’t connected or cannot be accessed

‘Error code 0xc0000001’

‘Inaccessible boot device’

The boot configuration data file doesn’t contain valid information for an operating system

File:/boot/bcd error code: 0xc 0000098

The different messages didn’t come in that order but appeared as I tried to use the Windows 10 pen drive in an attempt to repair the boot process with command prompt. This usually works after using FixMbr and Fixboot but I had no luck with that.

Fortunately I have a fairly recent clone of the drive and so that is what I am using now. Of course it will have the Malwarebytes and AVG files on it.

My intention is to clone this drive back to the faulty on but I thought I would see what your feedback was before doing that. I can access the original drive when connected to the PC internally or externally but it just won’t boot.

Not sure what happened.


  • 0

#19
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

Nothing we have removed should have caused this error.

 

Sounds like either a problem with your hard drive, or with your BCD (boot configuration data)

 

Try the first 3 options in the following article and see if it resolves the problem .... https://www.minitool...indows-10?-2544....

 


  • 0

#20
Johinssent

Johinssent

    New Member

  • Member
  • Pip
  • 3 posts
It can be turned off, otherwise it is too annoying.

  • 0

#21
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

Please don't add inane comments, that do nothing to progress this topic.

 

If you have something useful to say, then give details, otherwise don't bother posting.


  • 0

#22
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

Hi, yes it wouldn’t surprise me if it is due to the boot configuration.

Though this seems to be going off subject, some months back I had to replace my mainboard and processor with identical parts. Of course, ‘identical’ is the key word here as the new parts may not have been, though they had the same names; both were second hand.

Though the system has been stable, when I clone the SSD to another SSD I have to use the admin commands I mentioned on the new clone, i.e. bootrec /FixMbr and bootrec /Fixboot, before the OS is recognised, then it is fine. I mention this as I have recently done a clean install of Win10 on another PC I have. After cloning the OS on that PC the cloned drive works without the need for amending the boot record.

 

Regarding solutions 1-3, the SSD’s I am using are both new, upgraded from smaller SSD’s, but I must mention ‘cloned’ from one of the smaller drives. I am suspicious now that there has been an issue since then but I am puzzled as to why it has become relevant after the procedure with FRST program.

 

As for solution no.2, I tried and it didn’t work, nor did solution no.3.

 

At the moment I am back to square one in that I am using the cloned drive which is working fine but still of course shows the original Malware and AVG remnants each time I check the register with CCleaner.

 

Before attempting anything else I will feel safer re-cloning this drive to the one that has become faulty as I would then still have a fall-back.

If you think there is another option before I do that I am willing to try, but to me it seems like it may be flogging a dead horse and I thought it may be easier, if you are not bored with this by now, to work on a working system. However, I will leave the cloning until you get back to me. Thanks.


  • 0

#23
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

If your cloned drive is now allowing you to boot, then yes I'd say go ahead and re-clone it before we do anything else.

 

Removing Malwarebytes and AVG a second time is not exactly going to be a chore, since we've already got the information and the scripts to remove them.

 

When we do get round to doing that, I propose we do them one at a time again. First Malwarebytes, and then AVG.  I want to look a little closer at the AVG script before we run it again, to make sure I haven't made any scripting errors, or included anything that I shouldn't have.

 

Since it was only when we ran the AVG script that we encountered problems, I'm inclined to take a slightly different approach when it comes time to remove it, but we'll get to that when the time comes.


  • 0

#24
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

OK, I'm now on the re-cloned drive so I have a backup. Do you want me to refer to the earlier posts for instructions or will you be modifying them?


  • 0

#25
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

I've modified the Malwarebytes script to remove the folder that wasn't removed the first time I scripted it, so it should now remove everything in one go.
 
So .....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the contents of the box below into it  ....
C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2446F405-83F0-460F-B837-F04540BB330C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\mbam.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\MBAMService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\mbamtray.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes' Anti-Malware]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MbamElam]
[-HKEY_USERS\.DEFAULT\Software\Malwarebytes]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Malwarebytes]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Malwarebytes]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7c61d98a_0|
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8d0525ca_0]|
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\dcaa8608_0]|
DeleteValue:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0462E881|AppFullPath
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

  • 0

Advertisements


#26
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

Hi, file attached..


  • 0

#27
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

...or was it..

Attached Files


  • 0

#28
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

Seems some of the Registry entries couldn't be removed, which would tend to suggest that there may be active files present in this clone that are protecting them, and which were not present on the original drive. So we need to do a search to see what and where they are.

 

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

SearchAll:Malwarebytes;Mbam

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.




 
  • 0

#29
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 238 posts

Hi, file attached..

Attached Files


  • 0

#30
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 437 posts

OK, lets give Malwarebytes another try ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
CloseProcesses:
C:\Windows\System32\drivers\MbamChameleon.sys
C:\Windows\System32\drivers\MbamElam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mbamchameleon.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MbamElam.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MBAMSwissArmy.cat
C:\Windows\ELAMBKUP\MbamElam.sys
C:\Users\Steve\AppData\Local\mbamtray
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2446F405-83F0-460F-B837-F04540BB330C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MbamElam]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\MBAMService.exe]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|mbam.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|mbamtray.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED|mbam.exe
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


 

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP