[zep516]

OK.

 

I'm away from my own computer now, but headed back.

 

Can you do a search for that file using FRST, we did that before remember I just want to check it again.

 

Open first, in the search box search fdclient.dll

 

Do a file search and a registry search,

 

Back later tonite

[Advertisements]

Here's the file search log. I'll post the registry saerch a little later, sorry.

 

Farbar Recovery Scan Tool (x64) Version: 17-10-2016

Ran by USER (20-10-2016 20:14:08)

Running from C:\Users\USER\Desktop

Boot Mode: Normal

 

================== Search Files: "fdclient.dll" =============

 

C:\Windows\SysWOW64\fdclient.dll

[2016-07-16 19:42][2016-07-16 19:42] 0125440 ____A () 0FC5EC2E27D9FA617C227B6CD2FC8A09 [File not signed]

 

====== End of Search ======

[BrynnD17]

Here's the file search log. I'll post the registry saerch a little later, sorry.

 

Farbar Recovery Scan Tool (x64) Version: 17-10-2016

Ran by USER (20-10-2016 20:14:08)

Running from C:\Users\USER\Desktop

Boot Mode: Normal

 

================== Search Files: "fdclient.dll" =============

 

C:\Windows\SysWOW64\fdclient.dll

[2016-07-16 19:42][2016-07-16 19:42] 0125440 ____A () 0FC5EC2E27D9FA617C227B6CD2FC8A09 [File not signed]

 

====== End of Search ======

[BrynnD17]

Hi Joe,

 

Here's the registry search log:

 

Farbar Recovery Scan Tool (x64) Version: 17-10-2016

Ran by USER (20-10-2016 21:47:09)

Running from C:\Users\USER\Desktop

Boot Mode: Normal

 

================== Search Registry: "fdclient.dll" ===========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FC24.FieldListCtrl.1\DefaultIcon]

""=""%SystemRoot%\System32\fdclient.dll", 0"

 

====== End of Search ======

[zep516]

Thanks

I'll get back to you on this, I have not forgot you.

Thanks
Joe

[BrynnD17]

Hi Joe. Any more ideas? Thanks

[zep516]

Actually I'm out of ideas and have been away for a while.

Let me speak to another member and get more insight as I don't want to just start deleting files.

[BrynnD17]

Okay. Thanks. Thanks for your time

[zep516]

You're welcome and i have just contacted a member, to have a look at things.

Do you have any symptoms like adds popping up or anything like that ?

Also

Download Silent Runners http://www.silentrun...ent Runners.zip
1. Unzip/extract the file to its own folder:
C:\Silent Runners.
3. Right-click (to run as Administrator) the SilentRunners.vbs inside the folder or on your desktop
to start.
4. A message box will appear asking if you want to skip the supplemental
searches.
5. Press "Yes" to skip [default] or "No" to include them.
6. Another message box will appear saying: "Silent Runners has started. A
message box like this will appear when its done." The tool will scan your
system and create a log by default, in the same directory as the script or
one your desktop. The log is named "Startup Programs (ComputerName)
date/timestamp.txt".
7. When finished, the next message to appear will say: "All Done! the
results are in the file..." (it will provide the full path location of the
log.
8. Copy & paste the log in your next reply.

Note: If you have a script blocking program you may get a warning asking if
you want to allow the script to run. Some will say "malicious script
warning" or something to that effect. There is nothing malicious about this
script, you can click to allow it to execute.


Next


Download zoek.exe to your Desktop: http://hijackthis.nl/smeenk/

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.

on Windows Vista, 7, 8 and 10 right-click Zoek.exe and select: Run as Administrator
give it a few seconds to appear
copy/paste the entire script inside the codebox below into the input field of Zoek:

autoclean;
    emptyalltemp;
    emptyclsid;

close any open programs.
click the Run script button, and wait. It takes a few minutes to run.
when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
if a reboot is needed, the log will be opened after the reboot.



Post the silent runners log
Post the zoek log

[BrynnD17]

Sorry, haven't logged on in a while. I'll do that asap

[BrynnD17]

Sorry again. Been really busy. Haven't even turned my computer on in the last few days. Please don't close the topic... I'll follow those steps this weekend. Thanks

[BrynnD17]

Hi,

 

I followed the instructions and downloaded silent runners. I could not run it as admin (no option). When I tried to open it, the following notification came up:

 

[BrynnD17]

Here is the zoek log:

 

 

Zoek.exe v5.0.0.1 Updated 19-September-2016

Tool run by USER on Thu 11/03/2016 at 22:05:09.93.

Microsoft Windows 10 Home 10.0.14393  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\USER\Desktop\zoek.exe [Scan all users] [Script inserted] 

 

==== System Restore Info ======================

 

11/3/2016 10:08:19 PM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\Wondershare deleted successfully

C:\PROGRA~3\Comms deleted successfully

C:\PROGRA~3\DVD Shrink deleted successfully

C:\PROGRA~3\SoftwareDistribution deleted successfully

C:\Users\USER\AppData\Local\ActiveSync deleted successfully

C:\Users\USER\AppData\Local\EmieBrowserModeList deleted successfully

C:\Users\USER\AppData\Local\EmieSiteList deleted successfully

C:\Users\USER\AppData\Local\EmieUserList deleted successfully

C:\Users\USER\AppData\Local\NetworkTiles deleted successfully

C:\Users\USER\AppData\Local\Opera Software deleted successfully

C:\Users\USER\AppData\Local\Skype deleted successfully

C:\Users\USER\AppData\Local\softthinks deleted successfully

C:\Users\USER\AppData\Local\Unity deleted successfully

C:\Users\USER\AppData\Local\VirtualStore deleted successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

HKEY_USERS\S-1-5-21-77165034-2136077583-516565766-1001\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\Wondershare not found

C:\Users\USER\AppData\Local\Wondershare deleted

C:\PROGRA~2\GUM8F07.tmp deleted

C:\Users\USER\.android deleted

C:\PROGRA~2\Ghostery Storage Server deleted

C:\PROGRA~2\COMMON~1\Wondershare deleted

C:\PROGRA~3\{A328A61B-C332-4C8C-A740-42F7F71DC398} deleted

C:\PROGRA~3\Package Cache deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted

C:\Users\USER\AppData\LocalLow\Unity deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pam.db" not deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pamcore.db" not deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pampub.db" not deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\pam.db" not deleted

"C:\Users\USER\AppData\Roaming\dlg" deleted

"C:\Users\USER\AppData\Local\AVAST Software" not deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM" not deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER" not deleted

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR" not deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/03/2016 09:26 PM]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/03/2016 09:26 PM]

 

==== Chromium Look ======================

 

Google Chrome Version: 46.0.2490.86

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

emhginjpijfggbofeediiojmdlmlkoik - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx[]

eofcbnmajmjmplflapaojjnihcjkigck - No path found[]

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

 

passwords - USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik

ESPNCricinfo - USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh

Chrome Media Router - USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

 

==== Chromium Fix ======================

 

C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik deleted successfully

C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emhginjpijfggbofeediiojmdlmlkoik_0.localstorage deleted successfully

C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emhginjpijfggbofeediiojmdlmlkoik_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.com/?bcutc=sp-006"

"Search Page"="https://www.google.c...={searchTerms}"

"Search Bar"="https://www.google.com/?bcutc=sp-006"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft..../?LinkId=54896"

"Search Bar"="http://go.microsoft..../?LinkId=54896"

"Start Page"="https://www.google.com/?bcutc=sp-006"

 

==== All HKLM and HKCU SearchScopes ======================

 

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC

HKLM\SearchScopes\{7F2D3445-003E-489B-9CB9-A8EBF99B1DBC} - http://www.bing.com/...=IE11TR&pc=DCJB

HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"

HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC

HKLM\Wow6432Node\SearchScopes\{7F2D3445-003E-489B-9CB9-A8EBF99B1DBC} - http://www.bing.com/...=IE11TR&pc=DCJB

HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.c...q={searchTerms}

HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"

HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}

HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02

HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.c...q={searchTerms}

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\emhginjpijfggbofeediiojmdlmlkoik deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=326 folders=186 87764714 bytes)

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\USER\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pam.db"  not found

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pamcore.db"  not found

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pampub.db"  not found

"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\pam.db"  not found

"C:\Users\USER\AppData\Local\AVAST Software"  not found

 

==== EOF on Thu 11/03/2016 at 22:24:52.55 ======================

 

 

There was and error message during the scan but the scan completed:

 

[BrynnD17]

This came up when computer rebooted:

 

 HitmanPro_20161103_2248.log   2.18KB   164 downloads

[BrynnD17]

Hello? Joe?

[zep516]

I'm here sorry for delay, lets disable dropbox and remove fdclient again.

We might need to disable dropbox as it may be resyncing the file back.
DropBox to disable or stop.
http://www.ghacks.ne...ing-on-windows/


This one says temporary stopping but it can be permanent if the user never starts it again. (Yeah, the OS is Linux but it is the same for Windows.)
https://superuser.co...syncing-dropbox

Next
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
C:\WINDOWS\SysWoW64\fdclient.dll
Emptytemp:

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to your Desktop (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.