Kevin Zoll

Thread Closed Reason: Receiving help via the HelpDesk PM either Kevin, Elise, or Arthur to have this thread reopened.

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

The user is being helped via the HelpDesk. Topic Closed.

Now to remove most of the tools that we have used in fixing your machine: Download Delfix from here and save it to your desktop. Ensure Remove disinfection tools is checked. Also place a checkmark next to: Create registry backup Purge system restore Click the Run button. When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad. Empty the Recycle Bin You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK Run Windows Update and update your Windows Operating System. Articles to Read: How to Protect Your Computer From Malware How to keep you and your Windows PC happy Web, email, chat, password and kids safety How Did I Get Infected? That should take care of everything. Safe Surfing!

Your FRST logs look fine. How are things running?

I am not seeing any malware in your log. I am seeing stuff that is broken and will fix that with the below fix. Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in. Start:: CustomCLSID: HKU\S-1-5-21-3187339599-2525356095-2133817256-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3187339599-2525356095-2133817256-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3187339599-2525356095-2133817256-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File Task: {14BA854D-0BFA-4703-996B-514FACD3A7DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {2DA634EA-514C-4412-B36C-44F7CC60CF49} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {34F29320-35C6-41E4-8674-C1D737DB6595} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {35CBF258-9D04-4C75-84C0-23DB03D1C092} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {47AF4612-CB82-4B0F-B929-B74C5A403E06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {50BC907B-6AF6-481A-9CB8-3996CE76D73B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {547901D9-3670-47F6-BDAA-8F011C2CEE72} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {8D8CADD8-6DC6-4B06-8EBD-11C9E3BBCBAD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {905BFF27-1C27-4608-B3B7-E38025B2D640} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {A357E649-4B42-44AA-B90C-0B7392C4D5DB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {B9E344BA-320D-4C92-8E19-52F46B07AAB5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {D90D29FF-0211-48AD-B49A-307933F2F214} - \WPD\SqmUpload_S-1-5-21-3187339599-2525356095-2133817256-1001 -> No File <==== ATTENTION Task: {F8144AAC-1BB2-4B98-98F6-A3959334DBDA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION End::

Download and run FRST again. If Emsisoft tries to quarantine it, cancel the action and allow FRST to run.

The presence of this line in your FRST log tells me that the copy of Windows 7 running on this computer is not properly licensed and activated. S3 [email protected]; C:\Windows\[email protected] [26112 2016-06-08] () [File not signed] Until this copy of Windows is properly licensed and activated you will not receive any assistance.

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Your logs are not showing much in the way of malware. There are a few things that should be addressed though. Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in. Start:: AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll => No File AppInit_DLLs-x32: c:\progra~1\agnitum\outpos~1\wl_hook.dll => No File GroupPolicy: Restriction ? <==== ATTENTION BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll => No File BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll => No File FF HKU\S-1-5-21-1086499768-1002506749-3283279360-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found 2018-08-11 10:41 - 2018-08-11 10:41 - 000001024 _____ C:\Windows\SysWOW64\%TMP% End::

Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Unless you are having problems, it is time to do the final steps. Now to remove most of the tools that we have used in fixing your machine: Download Delfix from here and save it to your desktop. Ensure Remove disinfection tools is checked. Also place a checkmark next to: Create registry backup Purge system restore Click the Run button. When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad. Empty the Recycle Bin You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK Run Windows Update and update your Windows Operating System. Articles to Read: How to Protect Your Computer From Malware How to keep you and your Windows PC happy Web, email, chat, password and kids safety How Did I Get Infected? That should take care of everything. Safe Surfing!

They are unwanted modifications. Most of the time they are not malicious. Usually, they result in some rather annoying behavior. How are things running?

Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Hello, Yes, it is safe to remove those files and folders.