Purrington Posted July 8, 2015 Author ID:975035 Share Posted July 8, 2015 I would like to see how my laptop runs for two or three days to confirm all is well. I do wonder why FRST does not work properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.3.7 (07.08.2015:2)OS: Windows 7 Home Premium x64Ran by Lewis on Wed 07/08/2015 at 13:44:53.04~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\windows\system32\tasks\PCDEventLauncher ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Chrome [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 07/08/2015 at 13:50:18.50End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
kevinf80 Posted July 8, 2015 ID:975057 Share Posted July 8, 2015 Yes do run your system to prove its status one way or the other. Regarding FRST, the last fix we did had no entries that would have affected the internect connection with there removal.I`ve used FRST thousands of times and never had this issue before, it is not an auto fix tool per se, it only removes what entries are compiled in its fix list.... Post back whenever you`re ready and we`ll take it from there... Thank you, Kevin... Link to post Share on other sites More sharing options...
Purrington Posted July 11, 2015 Author ID:975498 Share Posted July 11, 2015 So far all is working well with the exception of a recurring problem with a Registry Key: Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh I have removed it with ADWCleaner a few times but it continues to resurface. ~Lewis AdwCleanerS22.txt Link to post Share on other sites More sharing options...
kevinf80 Posted July 11, 2015 ID:975560 Share Posted July 11, 2015 Thanks for the update, if that reg key is the only issue lets go for a clean install of Chrome. As follows please: If your Chrome Bookmarks are important do this first:Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....Continue for a clean install:Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.htmlInstall Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb install any other extensions that you use.... Next, Download "Delfix by Xplode" and save it to your desktop.Or use the following if first link is down:"Delfix link mirror"Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administratorMake Sure the following items are checked: Remove disinfection tools Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present. Reset system settingsNow click on "Run" and wait patiently until the tool has completed.The tool will create a log when it has completed. We don't need you to post this.Any remnant files/logs from tools we have used can be deleted… Let me know if any remaining issues or concerns, if all is now good can we close out... Cheers, Kevin... Link to post Share on other sites More sharing options...
kevinf80 Posted July 12, 2015 ID:975620 Share Posted July 12, 2015 I will be offline from 10pm GMT tonight until approx 8pm 17th July...... post back if possible before I go offline and give an update, if done we can close out, if not i`ll need to ask one of the helpers to take over..... Cheers, Kevin.... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 13, 2015 Root Admin ID:975783 Share Posted July 13, 2015 Please follow Kevin's directions and I'll take over for Kevin in his absence Thanks Link to post Share on other sites More sharing options...
Purrington Posted July 13, 2015 Author ID:975837 Share Posted July 13, 2015 I have followed Kevin's instructions as given above. Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 14, 2015 Root Admin ID:976108 Share Posted July 14, 2015 So how are things working now? Are there still any issues ? Link to post Share on other sites More sharing options...
Purrington Posted July 16, 2015 Author ID:976691 Share Posted July 16, 2015 Except for the pesky recurring infection which ADWCleaner keeps catching, cleaning and returning all seems well. I would appreciate guidance on how to repair the apparent glitch in FRST which causes my laptop to lose its internet connection each time I reboot after running FRST "Fix." Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 16, 2015 Root Admin ID:976885 Share Posted July 16, 2015 It is more than likely being restored due to your Google Chrome online Sync. You need to disable your Sync and delete all sync data. Export your bookmarks if needed and then delete the Sync data as shown below. Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeStart by disabling SyncHow To Delete Your Google Chrome Browser Sync DataChrome - Reset browser settingsIf that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean. Link to post Share on other sites More sharing options...
Purrington Posted July 17, 2015 Author ID:976905 Share Posted July 17, 2015 1. I reset Internet Explorer Settings2. When I go to delete Chrome Browser Sync Data the icon where it says "reset Sync" nothing happens when I click on the icon which is a grey color. See images attached.3. I reset my Chrome Browser Settings. Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 17, 2015 Root Admin ID:977073 Share Posted July 17, 2015 Please download Security Check by screen317 from HERE or HERE.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. If you get Unsupported operating system. Aborting now, just reboot and try again. A Notepad document should open automatically called checkup.txt. Please Post the contents of that document. Do Not Attach It!!! Link to post Share on other sites More sharing options...
Purrington Posted July 17, 2015 Author ID:977135 Share Posted July 17, 2015 Results of screen317's Security Check version 1.005 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Secunia PSI (3.0.0.9016) Java 8 Update 45 Adobe Reader XI Google Chrome (43.0.2357.132) Google Chrome (43.0.2357.134) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe AVAST Software Avast ng ngservice.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 6% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 18, 2015 Root Admin ID:977143 Share Posted July 18, 2015 That all seems okay. How are things running for you now ? Any other remaining issue? Link to post Share on other sites More sharing options...
Purrington Posted July 18, 2015 Author ID:977214 Share Posted July 18, 2015 Referencing comment $59 on this thread It appears that as of a few moments ago the pesky infection is still being detected by Adwcleaner: # AdwCleaner v4.208 - Logfile created 18/07/2015 at 06:29:01# Updated 09/07/2015 by Xplode# Database : 2015-07-15.1 [server]# Operating system : Windows 7 Home Premium Service Pack 1 (x64)# Username : Lewis - LEWIS-PC# Running from : C:\Users\Lewis\Desktop\zAdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17909 -\\ Google Chrome v43.0.2357.134 ************************* AdwCleaner[R0].txt - [748 bytes] - [13/07/2015 07:00:45]AdwCleaner[R10].txt - [1979 bytes] - [14/07/2015 21:43:00]AdwCleaner[R11].txt - [1692 bytes] - [14/07/2015 21:48:08]AdwCleaner[R12].txt - [1752 bytes] - [15/07/2015 05:30:38]AdwCleaner[R13].txt - [1897 bytes] - [15/07/2015 10:45:58]AdwCleaner[R14].txt - [1957 bytes] - [15/07/2015 11:34:59]AdwCleaner[R15].txt - [2018 bytes] - [15/07/2015 14:21:01]AdwCleaner[R16].txt - [2052 bytes] - [15/07/2015 22:41:50]AdwCleaner[R17].txt - [2112 bytes] - [16/07/2015 02:57:26]AdwCleaner[R18].txt - [2172 bytes] - [16/07/2015 04:45:07]AdwCleaner[R19].txt - [2232 bytes] - [16/07/2015 06:02:25]AdwCleaner[R1].txt - [889 bytes] - [13/07/2015 09:56:51]AdwCleaner[R20].txt - [2292 bytes] - [16/07/2015 09:13:34]AdwCleaner[R21].txt - [2352 bytes] - [16/07/2015 11:24:44]AdwCleaner[R22].txt - [2412 bytes] - [16/07/2015 13:46:24]AdwCleaner[R23].txt - [2472 bytes] - [16/07/2015 16:23:31]AdwCleaner[R24].txt - [2617 bytes] - [17/07/2015 06:02:49]AdwCleaner[R25].txt - [3026 bytes] - [17/07/2015 14:26:18]AdwCleaner[R26].txt - [2796 bytes] - [18/07/2015 06:27:13]AdwCleaner[R2].txt - [1005 bytes] - [13/07/2015 14:48:43]AdwCleaner[R3].txt - [1186 bytes] - [13/07/2015 18:23:41]AdwCleaner[R4].txt - [1184 bytes] - [14/07/2015 06:33:53]AdwCleaner[R5].txt - [1302 bytes] - [14/07/2015 12:13:31]AdwCleaner[R6].txt - [1362 bytes] - [14/07/2015 18:01:37]AdwCleaner[R7].txt - [1480 bytes] - [14/07/2015 19:39:33]AdwCleaner[R8].txt - [1539 bytes] - [14/07/2015 20:01:55]AdwCleaner[R9].txt - [1598 bytes] - [14/07/2015 20:10:40]AdwCleaner[s0].txt - [954 bytes] - [13/07/2015 10:03:05]AdwCleaner[s1].txt - [1255 bytes] - [13/07/2015 18:31:30]AdwCleaner[s2].txt - [1251 bytes] - [14/07/2015 06:43:45]AdwCleaner[s3].txt - [1428 bytes] - [14/07/2015 18:02:58]AdwCleaner[s4].txt - [1836 bytes] - [14/07/2015 21:45:02]AdwCleaner[s5].txt - [2083 bytes] - [15/07/2015 14:23:24]AdwCleaner[s6].txt - [2682 bytes] - [17/07/2015 06:06:18]AdwCleaner[s7].txt - [2722 bytes] - [18/07/2015 06:29:01] ########## EOF - C:\AdwCleaner\AdwCleaner[s7].txt - [2781 bytes] ########## Is there a method to test FRST to see if the bug causing my laptop to lose its internet connection when rebooting after "Fix" has been repaired? Link to post Share on other sites More sharing options...
Purrington Posted July 18, 2015 Author ID:977215 Share Posted July 18, 2015 I am sorry but i forgot to mention that for the past few days, including today, Emsisoft is detecting the following infections which may or may not be related to the pesky infection being detected by adwcleaner. Emsisoft Emergency Kit - Version 10.0Last update: 7/16/2015 8:12:29 AMUser account: Lewis-PC\Lewis Scan settings: Scan type: Malware ScanObjects: Rootkits, Memory, Traces, Files Detect PUPs: OnScan archives: OffADS Scan: OnFile extension filter: OffAdvanced caching: OnDirect disk access: Off Scan start: 7/18/2015 6:40:09 AMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scanned 73000Found 4 Scan end: 7/18/2015 6:48:36 AMScan time: 0:08:27 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 21, 2015 Root Admin ID:977712 Share Posted July 21, 2015 Those are entries that it found that you should let them fix. It should not be related at all. The other original entry is certainly due to some junk extension or add-on in Google, Chrome.It should not have anything to do with your Internet connection. It might break Chrome (annoying part of using Chrome) but other browsers should not be affected. IE or Firefox should still work just fine. In my post #60 I showed you how to disable Chrome Sync and if needed you may have to fully remove Chrome and all signs of Google Chrome to clear it out completely. What I would suggest is disabling any Sync in Chrome and having it delete it if it's on. Then open Chrome and go into the options with a fine tooth comb and look for anything that does not appear to be normal standard Chrome defaults and reset or remove anything possibly bad or strange. If that does not work then we're looking at a complete wipe of all Google software on your computer which is a pain to do over a small annoying extension. Let me know how that process goes please. Link to post Share on other sites More sharing options...
Purrington Posted July 21, 2015 Author ID:977772 Share Posted July 21, 2015 1."Those are entries that it found that you should let them fix" If by this you mean I should allow ADWcleaner and Emsisoft to "Clean" and/or "Quarantine" the infections I have none so several times but the infections keep rearing their ugly heads. 2. I did attempt to comply with your instructions to disable Chrome Synch but as I tried to show in the screen shots that I attached on reply #61 it does not appear that Chrome Synch is in use to begin with so there is nothing to disable as far as I can tell. I agree that removing all Google Software may prove too time consumptive. As a computer novice I hope you will sympathize with my position insofar as when an infection is detected I do not possess the knowledge to determine if the infection is major or minor much less if it is simply a "small annoying extension." Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 21, 2015 Root Admin ID:977853 Share Posted July 21, 2015 Sorry to mix them or confuse the entries found. Speaking of the items that Emsisoft found. When you tell Emsisoft to fix it and you reboot are you saying that Emsisoft finds it again too? The other item in Chrome that AdwCleaner finds we can manually remove another way if needed. Please first answer the Emsisoft question first though. Let me have you run this again so that we can double check but it doesn't look like the computer is infected bad at this time. Please download the following scanner from Kaspersky and save it to your computer: TDSSkillerThen watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.Once the tool has completed scanning make sure to re-enable your other security applications. Link to post Share on other sites More sharing options...
Purrington Posted July 22, 2015 Author ID:978022 Share Posted July 22, 2015 I am leaving shortly to go to the hospital to have a couple of procedures done so I cannot answer or follow all of your most recent instructions at this time. Below you will find recent Emsisoft logs to answer your first question. I will complete the rest of your instructions upon my return from the hospital but depending upon test results this may not be for 3-4 days so please be patient and bear with me. 1. The Emisisoft has repeatedly found infections. Scan start: 7/18/2015 6:40:09 AMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/15/2015 2:33:59 PMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/13/2015 10:58:26 AMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/12/2015 8:17:25 AMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/8/2015 3:04:17 PMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/6/2015 5:55:30 PMValue: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/6/2015 11:44:20 AMValue: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/6/2015 7:16:30 AMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/5/2015 8:07:44 PMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Scan start: 7/4/2015 3:54:18 PMValue: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)Value: HKEY_USERS\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 22, 2015 Root Admin ID:978094 Share Posted July 22, 2015 No problem. We'll be here when you're ready. Your health is certainly more important than the computer. The log indicates that it found these entries but does not appear to show that it was ever told to remove or fix them. If not done so then please have Emsisoft fix the issues found, reboot and rescan with Emsisoft and let me know if it continues to find the same issues or not. Thank you Link to post Share on other sites More sharing options...
Purrington Posted July 24, 2015 Author ID:978518 Share Posted July 24, 2015 1. Regarding the ADWCleaner and Emsisoft infections previously found, when found I "cleaned" and "Quarantined" them as applicable but after a few days they keep reappearing. As a matter of fact they appeared again today. I have attached the respective logs for your review. I have not cleaned or quarantined today's infections yet pending your review. 2. I ran the Kapersky TDSS tool and no infections were found. The resultant log was too large to post so I have attached it instead. Thank youAdwCleanerS10.txt1tdss.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 27, 2015 Root Admin ID:979232 Share Posted July 27, 2015 Well at this point it only appears to be a Chrome issue and/or Emsisoft. I have no idea if what Emsisoft is finding is FP or not. I'll see if I can get one of their guys to take a look.But if that value comes back it has to be due to a setting or sync value in Chrome. We may have to fully remove all pieces of Chrome to remove it if disabling sync and resetting to defaults is not working. Please give the following a try. Close all browsers and programs and then run it. Please Run TFC by OldTimer to clear temporary files:Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Link to post Share on other sites More sharing options...
Purrington Posted July 27, 2015 Author ID:979248 Share Posted July 27, 2015 When you write: "Close all browsers and programs and then run it." could you clarify what you mean by "run it?"By "it" do you mean run Emsisoft or something else? Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 28, 2015 Root Admin ID:979474 Share Posted July 28, 2015 Sorry about that and the late reply. I mean to run TFC I spoke with support from Emsisoft and they check only that the key exists not what it's value is so more than likely you have some program that monitors certain changes and is putting it back once they remove it. The key in the Registry that AdwCleaner is finding and removing should not cause any issues with Windows and networking. It should just affect an extension in Chrome. We can manually remove it and see if that makes any difference. Link to post Share on other sites More sharing options...
Recommended Posts