Infection keeps popping up when using Adware Cleaner. Scanned many times but could not fix. Do not know how to remove it.
Shows as (X64) (X86) HKEY_USERS_USERS\S-1-5-21-4288707207-2946705599-643578616-1001.
Posted 11 January 2016 - 10:41 PM
Posted 13 January 2016 - 11:34 AM
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-4288707207-2946705599-643578616-1001\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [2501368 2016-01-03] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
S3 mfeaack01; \Device\mfeaack01.sys [X]
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
Posted 13 January 2016 - 11:52 PM
The computer freezes when running the FRST to fix. I had to unplug the computer and remove the battery to shut down the computer. I did a second run to see if it would work but it froze again. I ran adware cleaner and rogue killer to see if the registry is clean but the infections are still there. What I have noticed with running adware cleaner on my laptop is that I am able to scan to check for infections but when I select to clean, the laptop freezes during the clean process and I have to unplug the cord and remove the battery to shut down the computer. This has been going on since the last week. I am not sure why the Farbar Scan Tool is responding in the same way. This is what I got from the FRST run from the Fixlog.txt. Not sure if it is complete.
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Mark (2016-01-13 23:07:10) Run:2
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-4288707207-2946705599-643578616-1001\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [2501368 2016-01-03] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
S3 mfeaack01; \Device\mfeaack01.sys [X]
End
*****************
Restore point was successfully created.
Processes closed successfully.
Posted 14 January 2016 - 09:52 AM
Posted 14 January 2016 - 11:32 AM
I downloaded RogueKiller and saved to the desktop. I right-clicked and ran as administrator to start; however the Prescan did not work as this function has not worked for some time. I scanned the Processes tab and exported the results to the desktop.
RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/14/2016 11:23:36
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
Posted 15 January 2016 - 08:27 AM
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
Posted 15 January 2016 - 10:23 AM
The McAfee Antivirus was already updated when I selected update. I honestly think that this McAfee Antivirus is useless. I was unable to update Windows Defender as the McAfee is already installed and would not allow me to do so.
The pre-scan has not worked in over a month and the server I have is the Microsoft SQL Server 2005 Compact Edition (ENU). I am not connected to multiple computers or any network of computers.
I searched the pre-scan problem on Google search with the link that was provided and downloaded MBAM Check 2.3.0.0 and ran a scan. The check results are in the attachment.
As for the ClnPack.exe. I followed the link and did not find any file in bold in the quoted path. Not sure if I was doing this correctly as it was confusing trying to access this information. If you think that I would need to access ClnPack.exe again I would need your assistance in doing so.
Posted 15 January 2016 - 11:05 AM
I was unable to update Windows Defender as the McAfee is already installed and would not allow me to do so.
I'm not familiar with this tool and cannot evaluate the report.
I searched the pre-scan problem on Google search with the link that was provided and downloaded MBAM Check 2.3.0.0 and ran a scan. The check results are in the attachment.
Posted 15 January 2016 - 01:55 PM
I disabled McAfee and tried to run Windows Defender but that still did not work. I uninstalled the McAfee Antivirus, restarted the computer and was able to access Windows Defender, updated and ran a scan. Downloaded the FSS Scanner and scanned. The results are below.
Farbar Service Scanner Version: 03-01-2016
Ran by Mark (administrator) on 15-01-2016 at 13:43:20
Running from "C:\Users\Mark\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
Posted 16 January 2016 - 09:14 AM
Posted 19 January 2016 - 08:29 AM
It seemed to work but after a day I ran Rogue Killer and Adware Cleaner and new infections showed up. Could not remove as it is stuck in the registry.
I did a System Restore to Factory specs, ran the cleaners again, but unfortunately the infections are still there stuck in the registry. Not sure what the next step should be.
As for the Pre-scan I have noticed that when the Rogue Killer program starts there is a dialog that says "Initialization". I take it that this is the pre-scan? It does not say Pre-Scan as it goes through its self-test.
Posted 19 January 2016 - 10:11 AM
Posted 19 January 2016 - 10:50 AM
Here are the results of the RogueKiller and AdwCleaner logs. I also did the Junkware Removal Tool log as these infections keep repeating themselves.
RogueKiller V11.0.8.0 [Jan 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/19/2016 10:29:06
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 10 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNJ256GCSU +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 232289 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 477446144 | Size: 11070 MB
User = LL1 ... OK
User = LL2 ... OK
# AdwCleaner v5.030 - Logfile created 19/01/2016 at 10:33:07
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 8 (x64)
# Username : Mark - Mark
# Running from : C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1C7R0Q7Z\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\Mark\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\Mark\Favorites\StumbleUpon
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[!] Data Not Restored : HKU\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[!] Data Not Restored : HKU\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1689 bytes] ##########
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8 x64
Ran by Mark (Administrator) on Tue 01/19/2016 at 10:40:12.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1C7R0Q7Z (Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KAPZ5LQ (Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM04H76L (Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWLI8YAR (Folder)
Registry: 0
Posted 19 January 2016 - 11:16 AM
start
CloseProcesses:
C:\Users\Mark\Favorites\StumbleUpon
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
Posted 19 January 2016 - 12:55 PM
Here are the results of the SystemLook txt and the fixlog txt.
RogueKiller and Adware Cleaner did not have any infections; however, the JRT still produces the same file infections. Not sure how to fix this problem.
RogueKiller, Adware Cleaner and the JRT txt are located below.
SystemLook 30.07.11 by jpshortstuff
Log created at 12:09 on 19/01/2016 by Mark
Administrator - Elevation successful
========== reg ==========
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=01 00 00 00 (REG_BINARY)
"Local Page"="C:\windows\system32\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"XMLHTTP"= 0x0000000001 (1)
"NoUpdateCheck"= 0x0000000001 (1)
"Disable Script Debugger"="yes"
"DisableScriptDebuggerIE"="yes"
"Enable Browser Extensions"="yes"
"Play_Background_Sounds"="yes"
"Play_Animations"="yes"
"IconCache"="stnk1ho"
"Start Page Redirect Cache"="http://www.msn.com/?ocid=iehp"
"Start Page Redirect Cache AcceptLangs"="en-US"
"IE10RunOncePerInstallCompleted"= 0x0000000001 (1)
"IE10RunOnceCompletionTime"=2d be 95 91 cf 52 d1 01 (REG_BINARY)
"ApplicationTileImmersiveActivation"= 0x0000000001 (1)
"AssociationActivationMode"= 0x0000000000 (0)
"StatusBarWeb"= 0x0000000001 (1)
"SearchControlWidth"= 0x000000012c (300)
"ForceGDIPlus"= 0x0000000000 (0)
"AlwaysShowMenus"= 0x0000000000 (0)
"ShutdownWaitForOnUnload"= 0x0000000000 (0)
"DNSPreresolution"= 0x0000000008 (8)
"SpellChecking"= 0x0000000001 (1)
"LangToolsBroker"="{5bbd58bb-993e-4c17-8af6-3af8e908fca8}"
"DisablePasswordReveal"= 0x0000000000 (0)
"Check_Associations"="yes"
"DisableRequiresActiveXPrompt"=""
"GotoIntranetSiteForSingleWordEntry"= 0x0000000000 (0)
"AutoSearch"= 0x0000000001 (1)
"SuppressScriptDebuggerDialog"= 0x0000000000 (0)
"PredictedViewExpansion"= 0x0000000064 (100)
"PredictedViewChangeThreshold"= 0x000000000a (10)
"PredictedViewChangeThresholdPaint"= 0x0000000005 (5)
"ContentLayerCacheExpansion"= 0x000000012c (300)
"RenderingLoopMaxTime"= 0x00000000fa (250)
"NscSingleExpand"= 0x0000000000 (0)
"Error Dlg Displayed On Every Error"="no"
"EnableSearchPane"= 0x0000000000 (0)
"NotifyDownloadComplete"="yes"
"AllowWindowReuse"= 0x0000000001 (1)
"Friendly http errors"="yes"
"CSS_Compat"="doctype"
"Expand Alt Text"="no"
"Display Inline Videos"= 0x0000000001 (1)
"Print_Background"="no"
"Use Stylesheets"= 0x0000000001 (1)
"SmoothScroll"= 0x0000000001 (1)
"Show image placeholders"= 0x0000000000 (0)
"Disable Diagnostics Mode"="no"
"Move System Caret"="no"
"Enable AutoImageResize"="yes"
"UseThemes"= 0x0000000001 (1)
"UseHR"= 0x0000000000 (0)
"Q300829"= 0x0000000000 (0)
"Cleanup HTCs"= 0x0000000000 (0)
"XDomainRequest"= 0x0000000001 (1)
"DOMStorage"= 0x0000000001 (1)
"EnableAlternativeCodec"="yes"
"JScriptProfileCacheEventDelay"= 0x0000001388 (5000)
"CrossfadeMinTimeoutInMS"= 0x0000007530 (30000)
"CrossfadeMaxTimeoutInMS"= 0x0000007530 (30000)
"CrossfadeCurrentTimeoutInMS"= 0x0000007530 (30000)
"IE10RunOnceLastShown"= 0x0000000000 (0)
"IE10TourNoShow"= 0x0000000000 (0)
"IE10TourShown"= 0x0000000000 (0)
"IE10RecommendedSettingsNo"= 0x0000000000 (0)
"FrameTabWindow"= 0x0000000001 (1)
"AdminTabProcs"= 0x0000000001 (1)
"SessionMerging"= 0x0000000001 (1)
"FrameMerging"= 0x0000000001 (1)
"HangRecovery"= 0x0000000001 (1)
"Isolation"="PMIL"
"IsolationImmersive"="PMEM"
"TabShutdownDelay"= 0x000000ea60 (60000)
"FrameShutdownDelay"= 0x0000000000 (0)
"Search Bar"="http://search.msn.com/spbasic.htm"
"MinIEEnabled"= 0x0000000001 (1)
"FormSuggest PW Ask"="yes"
"RefcountTracker"= 0x0000000000 (0)
"TabDragOnSingleProc"= 0x0000000000 (0)
"Window Title"="Internet Explorer provided by TOSHIBA"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"DisableFirstRunCustomize"= 0x0000000001 (1)
"OperationalData"=01 00 00 00 00 00 00 00 (REG_QWORD)
"Window_Placement"=2c 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 58 00 00 00 58 00 00 00 ad 03 00 00 b0 02 00 00 (REG_BINARY)
"FullScreen"="no"
"CompatibilityFlags"= 0x0000000000 (0)
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl]
(No values found)
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_MODE]
"iexplore.exe"= 0x0000000008 (8)
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"= 0x0000000001 (1)
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"= 0x0000000000 (0)
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main\Touch]
"FlickEducatorInfo"= 0x0000000000 (0)
"GestureZoomMinimumIncrement"= 0x0000000001 (1)
"GestureTimerInterval"= 0x000000000f (15)
[HKEY_USERS\S-1-5-21-2802955340-1988312179-369960370-1001\Software\Microsoft\Internet Explorer\Main\WindowsSearch]
"Version"="6.2.9200.16420"
"User Favorites Path"="file:///C:\Users\Mark\Favorites\"
"UpgradeTime"=26 a2 1c d7 d7 52 d1 01 (REG_BINARY)
"ConfiguredScopes"= 0x0000000005 (5)
"LastCrawl"=f1 b7 12 ae 77 52 d1 01 (REG_BINARY)
"AutoCompleteGroups"= 0x0000000005 (5)
"Disabled"= 0x0000000000 (0)
"EnabledScopes"= 0x0000000005 (5)
"Cleared"= 0x0000000001 (1)
"Cleared_TIMESTAMP"=91 6e e8 fe c5 52 d1 01 (REG_BINARY)
Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Mark (2016-01-19 12:15:39) Run:1
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
C:\Users\Mark\Favorites\StumbleUpon
End
*****************
Processes closed successfully.
"C:\Users\Mark\Favorites\StumbleUpon" => not found.
The system needed a reboot.
RogueKiller V11.0.8.0 [Jan 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/19/2016 12:33:30
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNJ256GCSU +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 232289 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 477446144 | Size: 11070 MB
User = LL1 ... OK
User = LL2 ... OK
# AdwCleaner v5.030 - Logfile created 19/01/2016 at 12:36:21
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 8 (x64)
# Username : Mark - MARK
# Running from : C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1C7R0Q7Z\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [619 bytes] ##########
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8 x64
Ran by Mark (Administrator) on Tue 01/19/2016 at 12:16:42.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1C7R0Q7Z (Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KAPZ5LQ (Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM04H76L (Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWLI8YAR (Folder)
Registry: 0