Jump to content

Unable to get Malwarebytes Premium to Open- logs included


Recommended Posts

Hi, thanks.  I did get MWB to install and run and it removed several items.

Hopefully that should take care of what you see in the logs.

If you have any suggestions or think I should generate more logs, let me know, I very much appreciated MWB and all the community here.

Link to post
Share on other sites

There are a few things that should be taken care of.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

startHKLM-x32\...\Run: [] => [X]SearchScopes: HKCU - {6B9E6D03-4C52-4B6A-BCCB-73A2B13CF0A2} URL = http://search.condui...5732945111&UM=2Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No FileToolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No FileDPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\RICKBR~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1C:\ProgramData\Jave226443.dllTask: {06D917FE-ECEE-4AF6-A8C5-D812511ED0F2} - \DSite No Task File <==== ATTENTIONTask: {107AE1CE-33DF-4D06-B0B7-B7CB5320AF01} - System32\Tasks\Symantec\Norton Error Analyzer 18.1.0.37 => C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\SymErr.exeTask: {B2CD58CA-99D9-46FE-B405-7D1501C84B33} - \BackgroundContainer Startup Task No Task File <==== ATTENTIONAlternateDataStreams: C:\Windows:CM_2c12f8e976ec378eabe01e93275b2d2416fee5ea74076e3303f2465410fcc1e8AlternateDataStreams: C:\Windows:CM_d74d90fd3e4fbac58881b5bb58cde7611ffa997330f1ef6bc8ca37c7be3d1fb0AlternateDataStreams: C:\ProgramData\Microsoft:2QBpA4gfzsvEHUlCdRYk5MXc3cAlternateDataStreams: C:\ProgramData\Microsoft:a4FjDhqpDpvLubXUbmBJEl5eRpAlternateDataStreams: C:\ProgramData\Microsoft:atwesDFd164xVg3P1AlternateDataStreams: C:\ProgramData\Microsoft:B2SOrMVF722H9P1fReYUHUOdfAlternateDataStreams: C:\ProgramData\Microsoft:b4SG84Qg8ubH3kjf6REPEHsZbAlternateDataStreams: C:\ProgramData\Microsoft:gc8MrjgVf6Lw8Al8CaHjMRMAlternateDataStreams: C:\ProgramData\Microsoft:jt8Lgg6JShHuLV5LyipAlternateDataStreams: C:\ProgramData\Microsoft:JZvk1Yia3tVgs9S6JE0vMEAlternateDataStreams: C:\ProgramData\Microsoft:LqlN1jjWwqRLigLZwC15NvEAlternateDataStreams: C:\ProgramData\Microsoft:MB2EnHxrXZbE3aU3RCwzRAlternateDataStreams: C:\ProgramData\Microsoft:n89ExzykEcJjIls1eqsBzdYAlternateDataStreams: C:\ProgramData\Microsoft:OpyHmrSfju3uhsgFsM6Yd8AlternateDataStreams: C:\ProgramData\Microsoft:QKU92moalyMC7oGrDmwwuAlternateDataStreams: C:\ProgramData\Microsoft:QZ2JJLKqjDiSwUQcpRuAlternateDataStreams: C:\ProgramData\Microsoft:R3IRJLlM73ulWBeb5CumqqiOAlternateDataStreams: C:\ProgramData\Microsoft:RlneNguxtyoiciKmRUY2nZsAlternateDataStreams: C:\ProgramData\Microsoft:SepiSszDayzLpWgEBEb9xTgasJOIBiAlternateDataStreams: C:\ProgramData\Microsoft:TGe8UAM78QwSnOpFD0qPAlternateDataStreams: C:\ProgramData\Microsoft:Y24mw7nr2C6FogP4XCsIsXmZ0QfhAlternateDataStreams: C:\ProgramData\Microsoft:yQNz3A3YKhj7h7gjRKAHzgOxeAlternateDataStreams: C:\Users\Rick Bruner\Cookies:2uhjDIQ9x7CJPFeSTmuQCKx0wPAlternateDataStreams: C:\Users\Rick Bruner\Cookies:8HnDqpGmzFEf0Md4ZyOJrhdAlternateDataStreams: C:\Users\Rick Bruner\Cookies:nMOmQRSFPr1Be9OnOcm53BbIAlternateDataStreams: C:\Users\Rick Bruner\Cookies:Nq7GpaYDJqrKh1kOAlternateDataStreams: C:\Users\Rick Bruner\Cookies:v06E9Dbp5OdvtGCjEzW5ctuiAlternateDataStreams: C:\Users\Rick Bruner\Local Settings:7oHYxZ8jF1ID3rSwIKDxypsMAlternateDataStreams: C:\Users\Rick Bruner\Local Settings:biHY1bdLe2UFzIYvE1rZeF7EXvkYAlternateDataStreams: C:\Users\Rick Bruner\Local Settings:LHPjYqDydEay17VCdMMZAqcnAlternateDataStreams: C:\Users\Rick Bruner\Local Settings:NSt7cMWmtV1VvGmouC1utT8AlternateDataStreams: C:\Users\Rick Bruner\Local Settings:vs28jTZr6peJEAHgHWlmi8I2ZK4AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:7oHYxZ8jF1ID3rSwIKDxypsMAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:biHY1bdLe2UFzIYvE1rZeF7EXvkYAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:LHPjYqDydEay17VCdMMZAqcnAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:NSt7cMWmtV1VvGmouC1utT8AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:vs28jTZr6peJEAHgHWlmi8I2ZK4AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\22ZyhkFmL:eDLxweyIRnGZo3Rq5JBtnAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\3GDZpriK6:Tj3ISNs3UjwJdNzd64WgAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:7oHYxZ8jF1ID3rSwIKDxypsMAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:biHY1bdLe2UFzIYvE1rZeF7EXvkYAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:LHPjYqDydEay17VCdMMZAqcnAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:NSt7cMWmtV1VvGmouC1utT8AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:vs28jTZr6peJEAHgHWlmi8I2ZK4AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:EKnuQ2vPaNdgQrG9lGs96SAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:Jsr1RBY0Z5NjJwZv7PGpI8mAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:OhGGgET8GF4BPabAreD6187AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:vopSKslVa1XYWXRyFln6itMt0AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temporary Internet Files:8jVRgK8kN4NxfOTBKoLYAlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temporary Internet Files:WVqDrZl4C4Fis4Fr9NFvi9Cx4AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\X2AMH7vePt:1Sm0HnG8VAi3Dfv8BQPshend

Save the file as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 
Please post the log from FRST (Fixlog.txt) in your next reply.

 

 

Download TFC by OldTimer to your Desktop.

  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.
  • When done, press OK to reboot your computer and finish the cleanup.

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please post the logs from Farbar Recovery Scan Tool (Fixlog.txt) and ESET Online Scan, and note any errors encountered.

Link to post
Share on other sites

Hi, thanks for your help.  Attached is the Fixlog.txt file. I forgot to save the results of the ESET scanner.  All the files it found and removed were in a directory associated with AdwCleaner tool.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Rick Bruner at 2014-06-02 18:11:54 Run:1
Running from C:\Users\Rick Bruner\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {6B9E6D03-4C52-4B6A-BCCB-73A2B13CF0A2} URL = http://search.condui...5732945111&UM=2
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\RICKBR~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
C:\ProgramData\Jave226443.dll
Task: {06D917FE-ECEE-4AF6-A8C5-D812511ED0F2} - \DSite No Task File <==== ATTENTION
Task: {107AE1CE-33DF-4D06-B0B7-B7CB5320AF01} - System32\Tasks\Symantec\Norton Error Analyzer 18.1.0.37 => C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\SymErr.exe
Task: {B2CD58CA-99D9-46FE-B405-7D1501C84B33} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:CM_2c12f8e976ec378eabe01e93275b2d2416fee5ea74076e3303f2465410fcc1e8
AlternateDataStreams: C:\Windows:CM_d74d90fd3e4fbac58881b5bb58cde7611ffa997330f1ef6bc8ca37c7be3d1fb0
AlternateDataStreams: C:\ProgramData\Microsoft:2QBpA4gfzsvEHUlCdRYk5MXc3c
AlternateDataStreams: C:\ProgramData\Microsoft:a4FjDhqpDpvLubXUbmBJEl5eRp
AlternateDataStreams: C:\ProgramData\Microsoft:atwesDFd164xVg3P1
AlternateDataStreams: C:\ProgramData\Microsoft:B2SOrMVF722H9P1fReYUHUOdf
AlternateDataStreams: C:\ProgramData\Microsoft:b4SG84Qg8ubH3kjf6REPEHsZb
AlternateDataStreams: C:\ProgramData\Microsoft:gc8MrjgVf6Lw8Al8CaHjMRM
AlternateDataStreams: C:\ProgramData\Microsoft:jt8Lgg6JShHuLV5Lyip
AlternateDataStreams: C:\ProgramData\Microsoft:JZvk1Yia3tVgs9S6JE0vME
AlternateDataStreams: C:\ProgramData\Microsoft:LqlN1jjWwqRLigLZwC15NvE
AlternateDataStreams: C:\ProgramData\Microsoft:MB2EnHxrXZbE3aU3RCwzR
AlternateDataStreams: C:\ProgramData\Microsoft:n89ExzykEcJjIls1eqsBzdY
AlternateDataStreams: C:\ProgramData\Microsoft:OpyHmrSfju3uhsgFsM6Yd8
AlternateDataStreams: C:\ProgramData\Microsoft:QKU92moalyMC7oGrDmwwu
AlternateDataStreams: C:\ProgramData\Microsoft:QZ2JJLKqjDiSwUQcpRu
AlternateDataStreams: C:\ProgramData\Microsoft:R3IRJLlM73ulWBeb5CumqqiO
AlternateDataStreams: C:\ProgramData\Microsoft:RlneNguxtyoiciKmRUY2nZs
AlternateDataStreams: C:\ProgramData\Microsoft:SepiSszDayzLpWgEBEb9xTgasJOIBi
AlternateDataStreams: C:\ProgramData\Microsoft:TGe8UAM78QwSnOpFD0qP
AlternateDataStreams: C:\ProgramData\Microsoft:Y24mw7nr2C6FogP4XCsIsXmZ0Qfh
AlternateDataStreams: C:\ProgramData\Microsoft:yQNz3A3YKhj7h7gjRKAHzgOxe
AlternateDataStreams: C:\Users\Rick Bruner\Cookies:2uhjDIQ9x7CJPFeSTmuQCKx0wP
AlternateDataStreams: C:\Users\Rick Bruner\Cookies:8HnDqpGmzFEf0Md4ZyOJrhd
AlternateDataStreams: C:\Users\Rick Bruner\Cookies:nMOmQRSFPr1Be9OnOcm53BbI
AlternateDataStreams: C:\Users\Rick Bruner\Cookies:Nq7GpaYDJqrKh1kO
AlternateDataStreams: C:\Users\Rick Bruner\Cookies:v06E9Dbp5OdvtGCjEzW5ctui
AlternateDataStreams: C:\Users\Rick Bruner\Local Settings:7oHYxZ8jF1ID3rSwIKDxypsM
AlternateDataStreams: C:\Users\Rick Bruner\Local Settings:biHY1bdLe2UFzIYvE1rZeF7EXvkY
AlternateDataStreams: C:\Users\Rick Bruner\Local Settings:LHPjYqDydEay17VCdMMZAqcn
AlternateDataStreams: C:\Users\Rick Bruner\Local Settings:NSt7cMWmtV1VvGmouC1utT8
AlternateDataStreams: C:\Users\Rick Bruner\Local Settings:vs28jTZr6peJEAHgHWlmi8I2ZK4
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:7oHYxZ8jF1ID3rSwIKDxypsM
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:biHY1bdLe2UFzIYvE1rZeF7EXvkY
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:LHPjYqDydEay17VCdMMZAqcn
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:NSt7cMWmtV1VvGmouC1utT8
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local:vs28jTZr6peJEAHgHWlmi8I2ZK4
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\22ZyhkFmL:eDLxweyIRnGZo3Rq5JBtn
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\3GDZpriK6:Tj3ISNs3UjwJdNzd64Wg
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:7oHYxZ8jF1ID3rSwIKDxypsM
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:biHY1bdLe2UFzIYvE1rZeF7EXvkY
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:LHPjYqDydEay17VCdMMZAqcn
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:NSt7cMWmtV1VvGmouC1utT8
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Application Data:vs28jTZr6peJEAHgHWlmi8I2ZK4
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:EKnuQ2vPaNdgQrG9lGs96S
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:Jsr1RBY0Z5NjJwZv7PGpI8m
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:OhGGgET8GF4BPabAreD6187
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temp:vopSKslVa1XYWXRyFln6itMt0
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temporary Internet Files:8jVRgK8kN4NxfOTBKoLY
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\Temporary Internet Files:WVqDrZl4C4Fis4Fr9NFvi9Cx4
AlternateDataStreams: C:\Users\Rick Bruner\AppData\Local\X2AMH7vePt:1Sm0HnG8VAi3Dfv8BQPsh

end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B9E6D03-4C52-4B6A-BCCB-73A2B13CF0A2} => Key deleted successfully.
HKCR\CLSID\{6B9E6D03-4C52-4B6A-BCCB-73A2B13CF0A2} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{45B69029-F3AB-4204-92DE-D5140C3E8E74} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{45B69029-F3AB-4204-92DE-D5140C3E8E74} => Key deleted successfully.
C:\ProgramData\Jave226443.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06D917FE-ECEE-4AF6-A8C5-D812511ED0F2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06D917FE-ECEE-4AF6-A8C5-D812511ED0F2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{107AE1CE-33DF-4D06-B0B7-B7CB5320AF01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{107AE1CE-33DF-4D06-B0B7-B7CB5320AF01} => Key deleted successfully.
C:\Windows\System32\Tasks\Symantec\Norton Error Analyzer 18.1.0.37 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Analyzer 18.1.0.37 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2CD58CA-99D9-46FE-B405-7D1501C84B33} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2CD58CA-99D9-46FE-B405-7D1501C84B33} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
C:\Windows => ":CM_2c12f8e976ec378eabe01e93275b2d2416fee5ea74076e3303f2465410fcc1e8" ADS removed successfully.
C:\Windows => ":CM_d74d90fd3e4fbac58881b5bb58cde7611ffa997330f1ef6bc8ca37c7be3d1fb0" ADS removed successfully.
C:\ProgramData\Microsoft => ":2QBpA4gfzsvEHUlCdRYk5MXc3c" ADS removed successfully.
C:\ProgramData\Microsoft => ":a4FjDhqpDpvLubXUbmBJEl5eRp" ADS removed successfully.
C:\ProgramData\Microsoft => ":atwesDFd164xVg3P1" ADS removed successfully.
C:\ProgramData\Microsoft => ":B2SOrMVF722H9P1fReYUHUOdf" ADS removed successfully.
C:\ProgramData\Microsoft => ":b4SG84Qg8ubH3kjf6REPEHsZb" ADS removed successfully.
C:\ProgramData\Microsoft => ":gc8MrjgVf6Lw8Al8CaHjMRM" ADS removed successfully.
C:\ProgramData\Microsoft => ":jt8Lgg6JShHuLV5Lyip" ADS removed successfully.
C:\ProgramData\Microsoft => ":JZvk1Yia3tVgs9S6JE0vME" ADS removed successfully.
C:\ProgramData\Microsoft => ":LqlN1jjWwqRLigLZwC15NvE" ADS removed successfully.
C:\ProgramData\Microsoft => ":MB2EnHxrXZbE3aU3RCwzR" ADS removed successfully.
C:\ProgramData\Microsoft => ":n89ExzykEcJjIls1eqsBzdY" ADS removed successfully.
C:\ProgramData\Microsoft => ":OpyHmrSfju3uhsgFsM6Yd8" ADS removed successfully.
C:\ProgramData\Microsoft => ":QKU92moalyMC7oGrDmwwu" ADS removed successfully.
C:\ProgramData\Microsoft => ":QZ2JJLKqjDiSwUQcpRu" ADS removed successfully.
C:\ProgramData\Microsoft => ":R3IRJLlM73ulWBeb5CumqqiO" ADS removed successfully.
C:\ProgramData\Microsoft => ":RlneNguxtyoiciKmRUY2nZs" ADS removed successfully.
C:\ProgramData\Microsoft => ":SepiSszDayzLpWgEBEb9xTgasJOIBi" ADS removed successfully.
C:\ProgramData\Microsoft => ":TGe8UAM78QwSnOpFD0qP" ADS removed successfully.
C:\ProgramData\Microsoft => ":Y24mw7nr2C6FogP4XCsIsXmZ0Qfh" ADS removed successfully.
C:\ProgramData\Microsoft => ":yQNz3A3YKhj7h7gjRKAHzgOxe" ADS removed successfully.
"C:\Users\Rick Bruner\Cookies" => ":2uhjDIQ9x7CJPFeSTmuQCKx0wP" ADS not found.
"C:\Users\Rick Bruner\Cookies" => ":8HnDqpGmzFEf0Md4ZyOJrhd" ADS not found.
"C:\Users\Rick Bruner\Cookies" => ":nMOmQRSFPr1Be9OnOcm53BbI" ADS not found.
"C:\Users\Rick Bruner\Cookies" => ":Nq7GpaYDJqrKh1kO" ADS not found.
"C:\Users\Rick Bruner\Cookies" => ":v06E9Dbp5OdvtGCjEzW5ctui" ADS not found.
"C:\Users\Rick Bruner\Local Settings" => ":7oHYxZ8jF1ID3rSwIKDxypsM" ADS not found.
"C:\Users\Rick Bruner\Local Settings" => ":biHY1bdLe2UFzIYvE1rZeF7EXvkY" ADS not found.
"C:\Users\Rick Bruner\Local Settings" => ":LHPjYqDydEay17VCdMMZAqcn" ADS not found.
"C:\Users\Rick Bruner\Local Settings" => ":NSt7cMWmtV1VvGmouC1utT8" ADS not found.
"C:\Users\Rick Bruner\Local Settings" => ":vs28jTZr6peJEAHgHWlmi8I2ZK4" ADS not found.
C:\Users\Rick Bruner\AppData\Local => ":7oHYxZ8jF1ID3rSwIKDxypsM" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local => ":biHY1bdLe2UFzIYvE1rZeF7EXvkY" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local => ":LHPjYqDydEay17VCdMMZAqcn" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local => ":NSt7cMWmtV1VvGmouC1utT8" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local => ":vs28jTZr6peJEAHgHWlmi8I2ZK4" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local\22ZyhkFmL => ":eDLxweyIRnGZo3Rq5JBtn" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local\3GDZpriK6 => ":Tj3ISNs3UjwJdNzd64Wg" ADS removed successfully.
"C:\Users\Rick Bruner\AppData\Local\Application Data" => ":7oHYxZ8jF1ID3rSwIKDxypsM" ADS not found.
"C:\Users\Rick Bruner\AppData\Local\Application Data" => ":biHY1bdLe2UFzIYvE1rZeF7EXvkY" ADS not found.
"C:\Users\Rick Bruner\AppData\Local\Application Data" => ":LHPjYqDydEay17VCdMMZAqcn" ADS not found.
"C:\Users\Rick Bruner\AppData\Local\Application Data" => ":NSt7cMWmtV1VvGmouC1utT8" ADS not found.
"C:\Users\Rick Bruner\AppData\Local\Application Data" => ":vs28jTZr6peJEAHgHWlmi8I2ZK4" ADS not found.
C:\Users\Rick Bruner\AppData\Local\Temp => ":EKnuQ2vPaNdgQrG9lGs96S" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local\Temp => ":Jsr1RBY0Z5NjJwZv7PGpI8m" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local\Temp => ":OhGGgET8GF4BPabAreD6187" ADS removed successfully.
C:\Users\Rick Bruner\AppData\Local\Temp => ":vopSKslVa1XYWXRyFln6itMt0" ADS removed successfully.
"C:\Users\Rick Bruner\AppData\Local\Temporary Internet Files" => ":8jVRgK8kN4NxfOTBKoLY" ADS not found.
"C:\Users\Rick Bruner\AppData\Local\Temporary Internet Files" => ":WVqDrZl4C4Fis4Fr9NFvi9Cx4" ADS not found.
C:\Users\Rick Bruner\AppData\Local\X2AMH7vePt => ":1Sm0HnG8VAi3Dfv8BQPsh" ADS removed successfully.

==== End of Fixlog ====

Link to post
Share on other sites

What does the script do?

It removes some empty registry entries and files that no longer point to anything, resets one malware related entry back to a default value, and removes a lot of Alternate Data Streams (ADS) that had been attached to several folders:

http://www.symantec.com/connect/articles/windows-ntfs-alternate-data-streams

 

I forgot to save the results of the ESET scanner.  All the files it found and removed were in a directory associated with AdwCleaner tool.

That's good, it means that all the itens found were items that AdwCleaner had already quarantined. I hadn't asked you to run AdwCleaner as I saw that you already had.

Since several of the ADS entries were not found, I'd like to see another FRST log to make sure they are all gone.

 

Re-run Farbar Recovery Scan Tool

Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will create a log (FRST.txt) in the same directory the tool is run.

Please post the contents of FRST.txt in your next reply.

 

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.