cpctech

CLOSED I think we may have gotten everything but wanted to be sure.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO-x32: No Name -> {DCC39ACE-709B-44EA-B062-5F6BE2774644} -> No File
FF Plugin HKU\S-1-5-21-2767729402-2400587653-1126618633-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll [No File]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
Task: {F8634D62-E919-401B-910E-774FF44A357E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\1940 United States Federal Census - Lawrence William Lathrop(1).jpg:com.dropbox.attributes [424]
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [167]
AlternateDataStreams: C:\ProgramData\TEMP:0492851D [380]
AlternateDataStreams: C:\ProgramData\TEMP:05670151 [137]
AlternateDataStreams: C:\ProgramData\TEMP:12F3508C [112]
AlternateDataStreams: C:\ProgramData\TEMP:18FE55C1 [286]
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [234]
AlternateDataStreams: C:\ProgramData\TEMP:1D476AA6 [498]
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF [426]
AlternateDataStreams: C:\ProgramData\TEMP:24FECE50 [105]
AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [400]
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9 [237]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2DAD076E [392]
AlternateDataStreams: C:\ProgramData\TEMP:31C9BA96 [229]
AlternateDataStreams: C:\ProgramData\TEMP:39CB2031 [177]
AlternateDataStreams: C:\ProgramData\TEMP:3A0C7C36 [132]
AlternateDataStreams: C:\ProgramData\TEMP:413177C4 [239]
AlternateDataStreams: C:\ProgramData\TEMP:49E5C2C5 [426]
AlternateDataStreams: C:\ProgramData\TEMP:4C71A42B [252]
AlternateDataStreams: C:\ProgramData\TEMP:50E2DC97 [308]
AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [129]
AlternateDataStreams: C:\ProgramData\TEMP:5A0DD071 [394]
AlternateDataStreams: C:\ProgramData\TEMP:5BF440AD [145]
AlternateDataStreams: C:\ProgramData\TEMP:5C934C5D [244]
AlternateDataStreams: C:\ProgramData\TEMP:5F423DFF [248]
AlternateDataStreams: C:\ProgramData\TEMP:63931674 [237]
AlternateDataStreams: C:\ProgramData\TEMP:65FE83E4 [128]
AlternateDataStreams: C:\ProgramData\TEMP:6E03926D [169]
AlternateDataStreams: C:\ProgramData\TEMP:70E897B5 [466]
AlternateDataStreams: C:\ProgramData\TEMP:726BAC68 [178]
AlternateDataStreams: C:\ProgramData\TEMP:73502E2B [143]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [168]
AlternateDataStreams: C:\ProgramData\TEMP:7AE124EF [137]
AlternateDataStreams: C:\ProgramData\TEMP:7B212553 [128]
AlternateDataStreams: C:\ProgramData\TEMP:7C76EAF6 [191]
AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [448]
AlternateDataStreams: C:\ProgramData\TEMP:90CCECEC [177]
AlternateDataStreams: C:\ProgramData\TEMP:9195103F [458]
AlternateDataStreams: C:\ProgramData\TEMP:91D94DDC [245]
AlternateDataStreams: C:\ProgramData\TEMP:99A29126 [408]
AlternateDataStreams: C:\ProgramData\TEMP:9C435C94 [251]
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4 [184]
AlternateDataStreams: C:\ProgramData\TEMP:A3B8F70C [456]
AlternateDataStreams: C:\ProgramData\TEMP:A441D13F [466]
AlternateDataStreams: C:\ProgramData\TEMP:A4CDE823 [492]
AlternateDataStreams: C:\ProgramData\TEMP:AE0B1F48 [177]
AlternateDataStreams: C:\ProgramData\TEMP:B17A4A83 [168]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [233]
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [402]
AlternateDataStreams: C:\ProgramData\TEMP:C6F9F83E [259]
AlternateDataStreams: C:\ProgramData\TEMP:C7A2F0B9 [118]
AlternateDataStreams: C:\ProgramData\TEMP:CAE2C3A5 [432]
AlternateDataStreams: C:\ProgramData\TEMP:D8A1AC56 [482]
AlternateDataStreams: C:\ProgramData\TEMP:E32966C0 [400]
AlternateDataStreams: C:\ProgramData\TEMP:E80802C7 [434]
AlternateDataStreams: C:\ProgramData\TEMP:F072AFAF [416]
AlternateDataStreams: C:\ProgramData\TEMP:F41F8101 [442]
AlternateDataStreams: C:\ProgramData\TEMP:FAFEC4B9 [484]
AlternateDataStreams: C:\Users\Birdie\Documents\2016-02-09 Khoday v. Symantec Corp (Bert).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\2016-02-09 Khoday v. Symantec Corp (Wil).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\baby bib..docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\from Vicki.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\Genealogy.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\In case of emergency.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\Irwin Drug account audit.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\Payment Confirmation-Avista 2016-03-16.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\Prayer.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\Rheumatoid Arthritis Health Center.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\This yellow spice has more to it than a delicious flavor, etc. quilting.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\TrueCrypt User Guide.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Birdie\Documents\Woodland Cenetery.jpg:com.dropbox.attributes [426]

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

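An added example, not part of the original post and not FRST's own code: a Python sketch for reviewing the AlternateDataStreams entries of a fixlist like the one above before it is run. It parses lines of that shape and groups them per host path, separating 8-hex-digit stream names from named ones; the sample lines, paths and sizes are constructed.

```python
import re
from collections import defaultdict

# Line shape as seen in the fixlist: "AlternateDataStreams: <path>:<stream> [<size>]"
# The stream name cannot contain ':' or '\', so the last ':' splits path from stream.
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+) \[(?P<size>\d+)\]$")
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Constructed sample input (not taken from any real machine).
SAMPLE = r"""
AlternateDataStreams: C:\ProgramData\TEMP:0A1B2C3D [120]
AlternateDataStreams: C:\ProgramData\TEMP:4E5F6071 [300]
AlternateDataStreams: C:\Users\Example\Documents\notes.docx:com.dropbox.attributes [168]
Task: {00000000-0000-0000-0000-000000000000} - \Example\Task -> No File
AlternateDataStreams: C:\ProgramData\TEMP [77]
""".strip()


def parse_ads(text):
    """Return (entries, rejected): parsed ADS entries and ADS lines that did not parse."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("AlternateDataStreams:"):
            continue  # other fixlist directives (BHO, Task, ...) are out of scope here
        m = ADS_RE.match(line)
        if m is None:
            rejected.append(line)  # keep malformed lines visible instead of dropping them
            continue
        entries.append((m["path"], m["stream"], int(m["size"])))
    return entries, rejected


def summarize(entries):
    """Group by host path: count 8-hex-digit stream names, list other names, sum sizes."""
    out = defaultdict(lambda: {"hex_named": 0, "named": set(), "bytes": 0})
    for path, stream, size in entries:
        row = out[path]
        if HEX8_RE.match(stream):
            row["hex_named"] += 1
        else:
            row["named"].add(stream)
        row["bytes"] += size
    return dict(out)


if __name__ == "__main__":
    entries, rejected = parse_ads(SAMPLE)
    for host, row in summarize(entries).items():
        print(host, row["hex_named"], sorted(row["named"]), row["bytes"])
    print("unparsed:", rejected)
```
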

I am not sure what is causing it, but something keeps writing a file named Program (no ext) to the root of C:\. It seems as though something is still trying to infect this machine. I'll run new EEK and FRST again and post in a little while (probably tomorrow).


So I had this problem show up on another computer I am working on.

I looked at the file C:\Program with Notepad and found it to be an Emsisoft log file.


That's interesting.  Emsisoft does not save logs to the root of the system drive or at least it should not.  What date was the log created?


On both the machines on the day that I ran Emsisoft. When I get to the office where one of the machines is, I'll attach the log. I will have to remote into the machine that this thread is about. I'll get its log as well and I will title them accordingly.

Edited by cpctech
More information provided w/o starting a new reply.


Both of those are Emsisoft Commandline Scanner logs.  The only way they could have been saved to the Root folder of the system drive was for the scanner to be told to save them there.


Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.

This topic is now closed to further replies.
