Annoying Services Reference


#16
Ste

Ste

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 240 posts

Hi, both attached..

Attached Files


  • 0



#17
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

OK, the Malwarebytes folder has now been removed, so let's see how we get on with AVG now ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it  ....
C:\Windows\System32\avgBoot.exe
C:\Windows\System32\drivers\avgArDisk.sys
C:\Windows\System32\drivers\avgArPot.sys
C:\Windows\System32\drivers\avgbidsdriver.sys
C:\Windows\System32\drivers\avgbidsh.sys
C:\Windows\System32\drivers\avgbuniv.sys
C:\Windows\System32\drivers\avgElam.sys
C:\Windows\System32\drivers\avgKbd.sys
C:\Windows\System32\drivers\avgMonFlt.sys
C:\Windows\System32\drivers\avgNetHub.sys
C:\Windows\System32\drivers\avgRdr2.sys
C:\Windows\System32\drivers\avgRvrt.sys
C:\Windows\System32\drivers\avgSnx.sys
C:\Windows\System32\drivers\avgSP.sys
C:\Windows\System32\drivers\avgStm.sys
C:\Windows\System32\drivers\avgVmm.sys
C:\Windows\ELAMBKUP\avgElam.sys
C:\ProgramData\AVG
C:\Windows\System32\Tasks\AVG
C:\Users\Steve\AppData\Roaming\AVG
C:\Program Files\Common Files\AVG
EmptyTemp:
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\00avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgPersistentStorage]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\AVGSvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\AVGUI.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50363F55-289C-4BB1-825A-38B108C1F3E9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG Antivirus]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgArDisk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgArPot]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbdisk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbIDSAgent]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbidsdriver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbidsh]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgbuniv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgElam]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgKbd]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgMonFlt]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgNetHub]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgRdr]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgRvrt]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgSnx]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgSP]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgStm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgVmm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgWscReporter]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\AVG]
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}|DllName
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{18A975F9-A60C-37D8-E30B-4BEF31AD3411}|DISPLAYNAME
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{18A975F9-A60C-37D8-E30B-4BEF31AD3411}|PRODUCTEXE
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{18A975F9-A60C-37D8-E30B-4BEF31AD3411}|REPORTINGEXE
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AVGUI.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVGUI.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{472083B1-C522-11CF-8763-00608CC02F24}
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\WicaAvPathsExpiredTemp|1
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


 

 


  • 0

#18
Ste


Hi, not had much luck with the AVG cleanup. I followed the instructions and the fixlog file was produced with the message that a restart was necessary. On trying a reboot I got a blue screen and after several tries I had received the following messages: ‘Your pc ran into a problem..stop code inaccessible boot device’

‘Error code 0xc000000e’

A required device isn’t connected or cannot be accessed

‘Error code 0xc0000001’

‘Inaccessible boot device’

The boot configuration data file doesn’t contain valid information for an operating system

File:/boot/bcd error code: 0xc0000098

The different messages didn’t come in that order but appeared as I tried to use the Windows 10 pen drive in an attempt to repair the boot process with command prompt. This usually works after using FixMbr and Fixboot but I had no luck with that.

Fortunately I have a fairly recent clone of the drive and so that is what I am using now. Of course it will have the Malwarebytes and AVG files on it.

My intention is to clone this drive back to the faulty one but I thought I would see what your feedback was before doing that. I can access the original drive when connected to the PC internally or externally but it just won’t boot.

Not sure what happened.


  • 0

#19
Gary R


Nothing we have removed should have caused this error.

 

Sounds like either a problem with your hard drive, or with your BCD (boot configuration data).

 

Try the first 3 options in the following article and see if it resolves the problem .... https://www.minitool...indows-10?-2544....

 


  • 0

#20
Johinssent

Johinssent

    New Member

  • Member
  • Pip
  • 3 posts
It can be turned off, otherwise it is too annoying.

  • 0

#21
Gary R


Please don't add inane comments, that do nothing to progress this topic.

 

If you have something useful to say, then give details, otherwise don't bother posting.


  • 0

#22
Ste


Hi, yes it wouldn’t surprise me if it is due to the boot configuration.

Though this seems to be going off subject, some months back I had to replace my mainboard and processor with identical parts. Of course, ‘identical’ is the key word here as the new parts may not have been, though they had the same names; both were second hand.

Though the system has been stable, when I clone the SSD to another SSD I have to use the admin commands I mentioned on the new clone, i.e. bootrec /FixMbr and bootrec /Fixboot, before the OS is recognised, then it is fine. I mention this as I have recently done a clean install of Win10 on another PC I have. After cloning the OS on that PC the cloned drive works without the need for amending the boot record.

 

Regarding solutions 1-3, the SSDs I am using are both new, upgraded from smaller SSDs, but I must mention ‘cloned’ from one of the smaller drives. I am suspicious now that there has been an issue since then but I am puzzled as to why it has become relevant after the procedure with the FRST program.

 

As for solution no.2, I tried and it didn’t work, nor did solution no.3.

 

At the moment I am back to square one in that I am using the cloned drive which is working fine but still of course shows the original Malware and AVG remnants each time I check the register with CCleaner.

 

Before attempting anything else I will feel safer re-cloning this drive to the one that has become faulty as I would then still have a fall-back.

If you think there is another option before I do that I am willing to try, but to me it seems like it may be flogging a dead horse and I thought it may be easier, if you are not bored with this by now, to work on a working system. However, I will leave the cloning until you get back to me. Thanks.


  • 0

#23
Gary R


If your cloned drive is now allowing you to boot, then yes I'd say go ahead and re-clone it before we do anything else.

 

Removing Malwarebytes and AVG a second time is not exactly going to be a chore, since we've already got the information and the scripts to remove them.

 

When we do get round to doing that, I propose we do them one at a time again. First Malwarebytes, and then AVG.  I want to look a little closer at the AVG script before we run it again, to make sure I haven't made any scripting errors, or included anything that I shouldn't have.

 

Since it was only when we ran the AVG script that we encountered problems, I'm inclined to take a slightly different approach when it comes time to remove it, but we'll get to that when the time comes.


  • 0
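
Added example (not part of the thread, and not FRST's or the helper's own code): a pre-flight check in the spirit of the script review proposed above. It reads a fixlist before it is run and flags whole-key deletions of system-owned registry locations, GUID-only keys whose owner cannot be read from the path, and DeleteValue lines missing the `|` separator. The deny-list, the vendor-name heuristic and the last sample line are assumptions made for illustration.

```python
import re

# Assumed deny-list for this example: system-owned keys that a vendor cleanup
# should not delete as a whole. Extend it for your own environment.
PROTECTED = [
    # Device setup classes, e.g. {4d36e967-e325-11ce-bfc1-08002be10318} = DiskDrive
    (re.compile(r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
                r"\\Control\\Class\\\{[0-9a-f-]{36}\}$", re.I),
     "device setup class key, shared by every device of that class"),
    (re.compile(r"\\CLSID\\\{645FF040-5081-101B-9F08-00AA002F954E\}$", re.I),
     "Recycle Bin shell object"),
]
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HIVE = re.compile(r"^HKEY_(LOCAL_MACHINE|USERS|CURRENT_USER|CLASSES_ROOT)\\", re.I)


def check_key(key, vendor_tokens, value=None):
    """Return (severity, message) for one registry target, or None if it passes."""
    if not HIVE.match(key):
        return ("MALFORMED", "key does not start with a registry hive")
    if value is None:  # whole-key deletion: apply the deny-list
        for pattern, reason in PROTECTED:
            if pattern.search(key):
                return ("BLOCK", reason)
    # Ignore GUIDs, then look for a vendor name in the rest of the path/value.
    named = GUID.sub("", key + "|" + (value or "")).lower()
    if not any(tok in named for tok in vendor_tokens):
        return ("REVIEW", "no vendor name in path; confirm ownership by hand")
    return None


def lint(fixlist, vendor_tokens):
    """Return [(line_no, severity, message)] for every line needing attention."""
    findings = []
    for no, raw in enumerate(fixlist.splitlines(), 1):
        line = raw.strip()
        if not line or re.fullmatch(r"[A-Za-z]+:", line):
            continue  # blank line or bare directive such as EmptyTemp:
        if re.match(r"[A-Za-z]:\\", line):
            continue  # file or folder path; not checked in this example
        if line.startswith("[-") and line.endswith("]"):
            result = check_key(line[2:-1], vendor_tokens)
        elif line.lower().startswith("deletevalue:"):
            key, sep, value = line[len("deletevalue:"):].strip().partition("|")
            result = (check_key(key, vendor_tokens, value) if sep
                      else ("MALFORMED", "DeleteValue needs KEY|VALUE"))
        else:
            result = ("MALFORMED", "unrecognised line")
        if result:
            findings.append((no, *result))
    return findings


# Lines 1-8 are excerpted from the AVG fixlist above; line 9 is constructed.
SAMPLE = r"""C:\Windows\System32\drivers\avgElam.sys
EmptyTemp:
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgElam]
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVGUI.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}Name
"""

if __name__ == "__main__":
    for no, severity, message in lint(SAMPLE, ("avg",)):
        print(f"line {no}: {severity}: {message}")
```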

#24
Ste


OK, I'm now on the re-cloned drive so I have a backup. Do you want me to refer to the earlier posts for instructions or will you be modifying them?


  • 0

#25
Gary R


I've modified the Malwarebytes script to remove the folder that wasn't removed the first time I scripted it, so it should now remove everything in one go.
 
So .....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the contents of the box below into it  ....
C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2446F405-83F0-460F-B837-F04540BB330C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\mbam.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\MBAMService.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\mbamtray.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes' Anti-Malware]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MbamElam]
[-HKEY_USERS\.DEFAULT\Software\Malwarebytes]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Malwarebytes]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Malwarebytes]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Malwarebytes Anti-Malware]
[-HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Malwarebytes Anti-Malware]
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7c61d98a_0|
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8d0525ca_0|
DeleteValue:HKEY_USERS\S-1-5-21-1097580972-3163717967-1959395198-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\dcaa8608_0|
DeleteValue:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0462E881|AppFullPath
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

  • 0



#26
Ste


Hi, file attached..


  • 0

#27
Ste


...or was it..

Attached Files


  • 0

#28
Gary R


Seems some of the Registry entries couldn't be removed, which would tend to suggest that there may be active files present in this clone that are protecting them, and which were not present on the original drive. So we need to do a search to see what and where they are.

 

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

SearchAll:Malwarebytes;Mbam

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.




 
  • 0

#29
Ste


Hi, file attached..

Attached Files


  • 0

#30
Gary R


OK, let's give Malwarebytes another try ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
CloseProcesses:
C:\Windows\System32\drivers\MbamChameleon.sys
C:\Windows\System32\drivers\MbamElam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mbamchameleon.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MbamElam.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MBAMSwissArmy.cat
C:\Windows\ELAMBKUP\MbamElam.sys
C:\Users\Steve\AppData\Local\mbamtray
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2446F405-83F0-460F-B837-F04540BB330C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{49F6AC60-2104-42C6-8F71-B3916D5AA732}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FFB94DF8-FC15-411C-B443-E937085E2AC1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMChameleon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MbamElam]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\MBAMService.exe]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MBAMService]
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|mbam.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|mbamtray.exe
DeleteValue:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED|mbam.exe
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


 

 


  • 0





