rc91

Interesting Behavior...

Recommended Posts

So I'm sitting in class today when EIS pops up on my laptop with a notification of a new external storage device. I didn't plug anything in but I went ahead and opened up Windows Explorer to find drive Z:\ magically appearing in my drive list. I've ruled out every logical explanation except a possible malware infection. EIS and Hitman Pro (which I'm including as well) have both struck out and I'm out of options.

Addition.txt

FRST.txt

HitmanPro_20160817_1322.log

scan_160817-132403.txt

Share this post


Link to post
Share on other sites

Your system does not appear to be infected. There are a few issues that should be addressed.

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
2015-10-19 10:17 - 2015-10-19 10:17 - 0007607 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2015-09-04 22:40 - 2015-09-04 22:40 - 8044464 _____ (Absolute Software Corp.) C:\Users\Robert\AppData\Local\Setup.exe
2015-09-06 12:55 - 2016-08-17 14:37 - 0000192 _____ () C:\ProgramData\2012.par
2015-09-06 12:58 - 2015-09-06 12:58 - 0001856 __RSH () C:\ProgramData\3014.abs
2014-11-17 23:32 - 2014-11-17 23:32 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-09-07 22:53 - 2015-09-07 22:53 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-06 12:58 - 2016-08-17 15:12 - 0000472 _____ () C:\ProgramData\netsh.out
2015-11-18 00:41 - 2015-11-18 00:41 - 0000003 _____ () C:\ProgramData\Notifier.txt
2015-09-06 12:58 - 2016-08-17 14:37 - 0000231 _____ () C:\ProgramData\SmartCallConfig.xml
C:\Users\Robert\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Robert\AppData\Local\Temp\epiatxba.dll
C:\Users\Robert\AppData\Local\Temp\Fix-Hauppauge-Permissions.exe
C:\Users\Robert\AppData\Local\Temp\hcwclear.exe
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Share this post


Link to post
Share on other sites

Your logs give no indication as to what happened or when it occurred. Take a look at the contents of Drive z. Many OEM drives come with 3 or more partitions from the factory. It could be an OEM partition that windows is suddenly showing.

Share this post


Link to post
Share on other sites

I'm aware of the OEM partitions, they are all listed under drive D:\. There was no trace of Z:\ in either Windows Explorer or Disk Manager until Wednesday, and any attempt to access it was kicked back with a permissions error from Windows. Either way, all traces of Z:\ disappeared this morning almost as mysteriously as it appeared.

Share this post


Link to post
Share on other sites

Drive D is the Recovery Partition and is always visible to windows. Depending on the system manufacturer there are 1 or 2 hidden partitions on Device 0. This could be an intermittent bug in Windows 10, that showed the hidden partition.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.