Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Video Codec installation disabled anti-virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Video Codec installation disabled anti-virus

Unread postby madmurph » July 19th, 2015, 11:29 pm

hi again Mr. pgmigg...all instructions run without problem.
B. Contents of the log file after OTL FixScript run:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_metadata folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\zh_TW folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\zh_CN folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\vi folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\uk folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\tr folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\th folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sv folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sr folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sl folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sk folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ru folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ro folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pt_PT folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pt_BR folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pl folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\nl folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\nb folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\lv folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\lt folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ko folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ja folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\it folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\id folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hu folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hr folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hi folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fr folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fil folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fi folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\et folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\es_419 folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\es folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\en_GB folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\en folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\el folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\de folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\da folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\cs folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ca folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\bg folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\images folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\html folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\css folder moved successfully.
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0 folder moved successfully.
Starting removal of ActiveX control {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
C:\Windows\Downloaded Program Files\DownloadManagerV2.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
========== FILES ==========
Unable to delete ADS E:\Users\Tommy\Documents\Your MUSICMATCH Jukebox Key.eml:OECustomProperty .
ADS E:\Users\Tommy\Documents\Your New Account with ReserveUSA.eml:OECustomProperty deleted successfully.
ADS E:\Users\Tommy\Documents\Registration Confirmation.eml:OECustomProperty deleted successfully.
ADS E:\Users\Tommy\Documents\Question from eBay Member.eml:OECustomProperty deleted successfully.
ADS E:\Users\Tommy\Documents\Welcome to Roxio_com!.eml:OECustomProperty deleted successfully.
ADS E:\Users\Tommy\Documents\melia ss#.eml:OECustomProperty deleted successfully.
ADS E:\Users\Tommy\Documents\OCRegister - Kingston Mention donation.eml:OECustomProperty deleted successfully.
ADS E:\Users\Tommy\Documents\Fwd_ Fw_ What George said.eml:OECustomProperty deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tommy
->Temp folder emptied: 562267 bytes
->Temporary Internet Files folder emptied: 10998992 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vanessa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192015_201908

Files\Folders moved on Reboot...
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
...

C. Contents of the SystemLook.txt log file:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:27 on 19/07/2015 by Tommy
Administrator - Elevation successful

========== filefind ==========

Searching for "*Malwarebytes*"
No files found.

Searching for "*McAfee*"
No files found.

========== folderfind ==========

Searching for "*Malwarebytes*"
No folders found.

Searching for "*McAfee*"
No folders found.

========== Regfind ==========

Searching for "Malwarebytes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"="Malwarebytes Anti-Malware "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
@="C:\Program Files (x86)\Malwarebytes Anti-Malware"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"="Malwarebytes Anti-Malware "
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"="Malwarebytes Anti-Malware "

Searching for "McAfee"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\PROGRA~2\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\MCPR.exe"="McAfee ESD Package"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\x64\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F936876-EB3C-4C5B-810D-05E1F36CB130}\InprocServer32]
@="c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{861CEB0E-B6F3-4DA8-A7E7-DBC43D335628}\InProcServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DFD2991-CE6C-403C-B287-94E7F0D5BA07}\InProcServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}\LocalServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B62A9F7D-4F97-4740-9EEE-3554F2AD2E4B}\InprocServer32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
@="McAfee Host SA Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\sasshmod.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
@="c:\PROGRA~2\mcafee\SITEAD~1\saui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
@="c:\PROGRA~2\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32]
@=""c:\PROGRA~2\mcafee\SITEAD~1\saui.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
@="c:\PROGRA~2\mcafee\SITEAD~1\saui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
@="c:\PROGRA~2\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"path"="C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
@="C:\Program Files (x86)\McAfee\SiteAdvisor\siteadvisor.mcafee.chrome.extension.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}]
"AppPath"="c:\Program Files (x86)\McAfee\SiteAdvisor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
"Contact"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
"InstallSource"="C:\PROGRA~2\McAfee\Temp\qxz193A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\844C97FE649617D41843300487880C45\InstallProperties]
"Publisher"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
"Contact"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
"InstallSource"="C:\PROGRA~2\McAfee\Temp\qxz193A\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}]
"Publisher"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{601D72B9-326F-46CD-815E-12D5D15761BA}\LocalServer32]
@=""c:\PROGRA~2\mcafee\SITEAD~1\saui.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\0\win32]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPService.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{84EE90FA-0275-47D5-9FF1-906FD249466D}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCspCorePS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ADF6F86F-76D1-4B41-BE09-DB784211C669}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\0\win64]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPClientAPI.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B6226FA6-CC7C-4F13-95D0-BB47387B4B95}\1.0\HELPDIR]
@="C:\Program Files\Common Files\McAfee\CSP\1.3.374.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\0\win32]
@="c:\PROGRA~2\mcafee\SITEAD~1\saui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C7D12FC5-40EE-4288-BE78-94A8C65D0ECB}\1.0\HELPDIR]
@="c:\PROGRA~2\mcafee\SITEAD~1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC\0000]
"DeviceDesc"="McAfee Inc. mfencbdc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCBDC02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFENCRK\0000]
"DeviceDesc"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC\0000]
"DeviceDesc"="McAfee Inc. mfencbdc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCBDC02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFENCRK\0000]
"DeviceDesc"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFEAVFK02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC\0000]
"DeviceDesc"="McAfee Inc. mfencbdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC01\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCBDC02\0000]
"DeviceDesc"="McAfee Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFENCRK\0000]
"DeviceDesc"="McAfee Inc. mfencrk"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MFERKDET\0000]
"DeviceDesc"="McAfee Inc. mferkdet"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1776651a_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\PROGRA~2\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a1f3f401_0]
@="{0.0.0.00000000}.{f4e1fc81-7276-471d-bc0f-2f940274e674}|\Device\HarddiskVolume2\Program Files (x86)\McAfee\MSC\mchlp32.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\MCPR.exe"="McAfee ESD Package"
[HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Users\Tommy\Desktop\MCPR.exe"="McAfee ESD Package"

-= EOF =-

D. no changes noted in performance.
User avatar
madmurph
Regular Member
 
Posts: 95
Joined: March 23rd, 2005, 1:13 am
Location: SoCal
Advertisement
Register to Remove

Re: Video Codec installation disabled anti-virus

Unread postby pgmigg » July 20th, 2015, 12:13 am

Hello madmurph,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR]
    @=""
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0]
    @=""
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"=-
    [HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe"=-
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Installation of MBAM and Initial Scan
  1. Please download Malwarebytes' Anti-Malware and save mbam-setup-2.1.8.1057.exe on your Desktop.
  2. Right-click on the mbam-setup-2.1.8.1057.exe and select "Run as administrator... " to begin an installation. If you receive a UAC prompt, please allow it. Then follow the prompts to install the program.
  3. At the end, Uncheck enable free trial of Malwarebytes' Anti-Malware, (You can activate this when we've finished, if you wish)
  4. Then click Finish.
  5. You'll see an alert that "Databases out of date", click the "Update Now" button.
  6. Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  7. Press the Scan Now >> button.
  8. When the scan is finished:
  9. If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  10. If infections were found, click the Quarantine all button.
  11. Press the View detailed log >> link to display the results log.
  12. Press the Copy to Clipboard button.
  13. Copy and paste the scan results in your next reply and exit MBAM.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2015-07-... file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Video Codec installation disabled anti-virus

Unread postby madmurph » July 20th, 2015, 2:06 am

hi again, Mr. pgmigg...your diligence is to be lauded ... all tasks completed successfully, with no problems.

B. Contents of the log file after OTL FixScript run:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\43c7337_0\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe not found.
Registry value HKEY_USERS\S-1-5-21-2496106504-3139724863-1530680669-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\E:\Users\Tommy\Desktop\mbam-setup-2.1.8.1057.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tommy
->Temp folder emptied: 12058561 bytes
->Temporary Internet Files folder emptied: 9792403 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vanessa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192015_223226

Files\Folders moved on Reboot...
C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
***************************************

C. Contents of the most recent C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2015-07-... file

<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2015/07/19 22:37:51 -0700</date>

<logfile>mbam-log-2015-07-19 (22-37-50).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.1.8.1057</version>

<malware-database>v2015.07.20.01</malware-database>

<rootkit-database>v2015.07.17.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>Tommy</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>455317</objects>

<time>284</time>

<processes>0</processes>

<modules>0</modules>

<keys>0</keys>

<values>0</values>

<datas>0</datas>

<folders>0</folders>

<files>0</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>

<items> </items>

</mbam-log>

D. status quo...other than MBAM now installed and functioning. Thanks!
User avatar
madmurph
Regular Member
 
Posts: 95
Joined: March 23rd, 2005, 1:13 am
Location: SoCal

Re: Video Codec installation disabled anti-virus

Unread postby pgmigg » July 20th, 2015, 12:18 pm

Hello madmurph,

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 0.
A couple of programs you have are out of dates:
  1. Adobe Reader XI - the newest version called Adobe Reader DC.
    Update Adobe Reader
    Your version of Adobe Reader XI is out-of-date. There are serious security issues with older versions of Adobe Reader.
    I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
    Then use the Reader for viewing PDF files - you can use the Acrobat software for your other needs.

    Remove Program(s)
    1. Click on Start, then click the Start Search box on the Start Menu.
    2. Copy and paste the value below into the open text entry box:
      (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
      Code: Select all
       appwiz.cpl 
      and press Enter - the Unistall or change a program list will be opened.
    3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
      Adobe Reader XI
    4. Take extra care in answering questions posed by any Uninstaller.
    5. When the program(s) have been uninstalled, please close Control Panel.

    Download and Install Adobe Reader DC
    1. Please go to downloading page of Adobe Reader DC...Copyright © Adobe Systems Inc.
    2. Please select Windows 7 as your operating system, English as your language, and Reader DC 2015... as a version.
    3. Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
      1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
        Adobe DLM software removal instructions available here, if wanted.
      2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
      3. When the installation is complete, please Close and re-open your Internet browser.

    Adobe Reader DC - recommended (safety) program settings
    When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
    • Javascript - Uncheck Enable Acrobat Javascript.
    • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
    • Secure Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.
  2. Mozilla Firefox 31.0 (x86 en-US) - the newest version is 39.0
    To update it, please do the following:
    1. Open the browser.
    2. At the Menu Bar please select Help
    3. Then select About Firefox - it will update your self automatically.
    4. Allow updater to restart browser. Then you are done.

Step 1.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 4.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 5.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator"to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Lets talk a little bit more about defense software.
Right now you have an effective and balanced protection, consisting of three components:
  • Avast Free - antivirus, anti-malware, home network protection (firewall), browser protection, etc.
  • Windows Defender - anti-spyware
  • MBAM - scanner and cleaner when needed
Running - more than one antivirus program is not recommended because:
  1. They can conflict with each other.
  2. Report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  4. Can cause your computer to run slowly, become unstable and crash.


Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Video Codec installation disabled anti-virus

Unread postby madmurph » July 20th, 2015, 3:46 pm

Thanks very much for your time and effort -- your expertise and dedication is greatly appreciated :thumbup: Computer is back to it's teenage self, fast and frisky :walk: Great Job!!! :wav:
User avatar
madmurph
Regular Member
 
Posts: 95
Joined: March 23rd, 2005, 1:13 am
Location: SoCal

Re: Video Codec installation disabled anti-virus

Unread postby pgmigg » July 20th, 2015, 3:49 pm

Thanks very much for your time and effort -- your expertise and dedication is greatly appreciated :thumbup: Computer is back to it's teenage self, fast and frisky :walk: Great Job!!! :wav:


You are very welcome, madmurph! :D

Stay Safe! ;)
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3175
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Video Codec installation disabled anti-virus

Unread postby NonSuch » July 20th, 2015, 5:20 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware