• Content Count

  • Joined

  • Last visited

Everything posted by cpctech

  1. At this point, the client wants their machine back. I am going to wipe and reload it. Thanks for trying.
  2. I ran FSRT64.exe from a fresh download on to a USB I am failrly certain is clean. I booted into repair on a media creation tool created windows 10 installer usb I created earlier. Here is what I got. FRST.txt
  3. Not to mention now you have me worried, as I have been using a usb stick to nike network files from that machine to my work PC to make these posts.
  4. What if I don't have a USB stick that is fresh. Should I wait until I can travel the 150 miles round trip (this friday) to staples and buy a new one? (We live out in the sticks)
  5. In trying to review your instructions I recived this on clicking the link for step 3. craftedflash.com uses an invalid security certificate. The security certificate for craftedflash.com is not trustworthy because the issuing organization failed to follow security practices. Certificates issued by Symantec, including the Thawte, GeoTrust, and RapidSSL brands, are not considered safe. Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED I find it odd that Symantec is on the "not trusted" list.
  6. Ok. Sorry it was so long to reply... I had to figure out how to run that w/o having it clean up stuff. It did detect screenconnect.exe which is the software I am using to remote control the machine so that is safe. here is the log RogueKiller_portable64.log
  7. Something is interfering with Roguekiller also. see attached screenshot
  8. Tried running FRST and it crashed in the same place (just after pushing scan) I ran Roguekiller from within Techsuite, then ran FRST, and still have the same result. I suspect I need the Rogue killer download from you next.
  9. HP EnVY TS 17 Notbook PC Has an I7 4700 processor and 16 GB ram. This machine should be running real fast. However it seems to be really slow. After running a full clean up using Techsuite (which includes EMSI soft removal tools) I was ready to give it back to the client..AFter a reboot it started running real slow again. I ran the techsuite software again and removed 17 new items. The only thing the machine had done was site idle on the internet. Attached is the EEK report. The FRST 64 bit would run until I pressed scan, then it would crash. (I verified the machine is running 64 bit windows 10 home) Thanks, scan_181029-172340.txt
  10. On both the machines on the day that I ran emsisoft. When I get to the office where one of the machines are I'll attach the log. I will have to remote into the machine that this thread is about. I'll get it's log as well and I will title them accordingly.
  11. So I had this problem show up on another computer I am working on. I looked at the file C😕(that is supposed to be C and : and \) Program with notepad and found it to be a Emsisoft Log file.
  12. I am not sure what is causing it, but something keeps writing a file named Program (no ext) to the root of C:\ It seems as though something is still trying to infect this machine. I'll run new EEK and FRST again and post in a little while. (probably tomorrow)
  13. Emsi soft and other tools have cleaned this machine up, but because there are so many things out there that could hide, I thought I would run these logs by you to see if I missed anything. This computer's accounts were hacked about the same time Facebook was recently hacked. FRST-2018-10-10-1205.txt Addition-2018-10-10-1205.txt scan_181010-115115.txt
  14. I applied the fix you sent and received an error... Please check the message I sent you and let me know if I should create the file FRST recomends. Thanks,
  15. I have access to the system again, I will go look at any private messages that were sent to see where we are. Thank you,
  16. Yes, I understand the CCleaner issue, and I remove it from every system I can convince the owners of the issue they had potentially still being an issue. It's removed on all my Doctors/medical office clients w/o question. I'll find a way to get that log to you, it may not be in the original format since it's parced by Techsuite.
  17. I receieved permission from my customer to submit the unaltered logs. (I made copies.) They are attached here. Addition.txt EEKscan_181006-123205.txt FRST.txt
  18. SInce I sort of have you on the hook right now... Let me reach out to my customer.
  19. Ok, I am closing up shop for the weekend. I will get with the customer on Monday and get approval to submit unaltered logs. Thanks and have a good weekend.
  20. SO you do not support business in general and are only end-user support? I see the files that are supplied are not clickable by me, (I was not aware of this before) My problem is when you submit a fix to run you do not put it in a format where only the intended receipient can read. thus exposing potentially confidential info to the public. Example: C:\Users\lmwhi_000\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\FileSyncShell.dll -> No File Is found in this post below. I can see the username of lmwhi_000 in the case of the above supplied files, the username is not as cryptic and thus any fix posted as in the post linked below would expose my client to the public. (effectively breaking HIPPA and/or FINRA laws.) https://support.emsisoft.com/topic/29725-genvariantstrictor-3-others-found-by-emsisoft-cant-be-removed-by-emsisoft/ Is there away I can supply you with the scans and just change username to generic? This would be the only change and if you needed to supply a fix back I could change the username back to the propper setting prior to running said fix. Thanks,