Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows/syswow64...can't find an appropriate solution


  • This topic is locked This topic is locked

#61
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts

OK.

 

I'm away from my own computer now, but headed back.

 

Can you do a search for that file using FRST, we did that before remember I just want to check it again.

 

Open first, in the search box search fdclient.dll

 

Do a file search and a registry search,

 

Back later tonite


  • 0

Advertisements


#62
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Here's the file search log. I'll post the registry saerch a little later, sorry.
 
Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by USER (20-10-2016 20:14:08)
Running from C:\Users\USER\Desktop
Boot Mode: Normal
 
================== Search Files: "fdclient.dll" =============
 
C:\Windows\SysWOW64\fdclient.dll
[2016-07-16 19:42][2016-07-16 19:42] 0125440 ____A () 0FC5EC2E27D9FA617C227B6CD2FC8A09 [File not signed]
 
====== End of Search ======

  • 0

#63
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Joe,

 

Here's the registry search log:

 

Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by USER (20-10-2016 21:47:09)
Running from C:\Users\USER\Desktop
Boot Mode: Normal
 
================== Search Registry: "fdclient.dll" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FC24.FieldListCtrl.1\DefaultIcon]
""=""%SystemRoot%\System32\fdclient.dll", 0"
 
====== End of Search ======

  • 0

#64
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Thanks

I'll get back to you on this, I have not forgot you.

Thanks
Joe :)
  • 0

#65
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Hi Joe. Any more ideas? Thanks
  • 0

#66
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Actually I'm out of ideas and have been away for a while.

Let me speak to another member and get more insight as I don't want to just start deleting files.
  • 0

#67
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Okay. Thanks. Thanks for your time
  • 0

#68
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
You're welcome and i have just contacted a member, to have a look at things.

Do you have any symptoms like adds popping up or anything like that ?

Also

Download Silent Runners http://www.silentrun...ent Runners.zip
1. Unzip/extract the file to its own folder:
C:\Silent Runners.
3. Right-click (to run as Administrator) the SilentRunners.vbs inside the folder or on your desktop
to start.
4. A message box will appear asking if you want to skip the supplemental
searches.
5. Press "Yes" to skip [default] or "No" to include them.
6. Another message box will appear saying: "Silent Runners has started. A
message box like this will appear when its done." The tool will scan your
system and create a log by default, in the same directory as the script or
one your desktop. The log is named "Startup Programs (ComputerName)
date/timestamp.txt".
7. When finished, the next message to appear will say: "All Done! the
results are in the file..." (it will provide the full path location of the
log.
8. Copy & paste the log in your next reply.

Note: If you have a script blocking program you may get a warning asking if
you want to allow the script to run. Some will say "malicious script
warning" or something to that effect. There is nothing malicious about this
script, you can click to allow it to execute.


Next


Download zoek.exe to your Desktop: http://hijackthis.nl/smeenk/

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.

on Windows Vista, 7, 8 and 10 right-click Zoek.exe and select: Run as Administrator
give it a few seconds to appear
copy/paste the entire script inside the codebox below into the input field of Zoek:

autoclean;
    emptyalltemp;
    emptyclsid;
close any open programs.
click the Run script button, and wait. It takes a few minutes to run.
when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
if a reboot is needed, the log will be opened after the reboot.



Post the silent runners log
Post the zoek log
  • 0

#69
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Sorry, haven't logged on in a while. I'll do that asap
  • 0

#70
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Sorry again. Been really busy. Haven't even turned my computer on in the last few days. Please don't close the topic... I'll follow those steps this weekend. Thanks
  • 0

Advertisements


#71
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi,

 

I followed the instructions and downloaded silent runners. I could not run it as admin (no option). When I tried to open it, the following notification came up:

 

Capture.PNG


  • 0

#72
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Here is the zoek log:

 

 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by USER on Thu 11/03/2016 at 22:05:09.93.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\USER\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/3/2016 10:08:19 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\DVD Shrink deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\USER\AppData\Local\ActiveSync deleted successfully
C:\Users\USER\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\USER\AppData\Local\EmieSiteList deleted successfully
C:\Users\USER\AppData\Local\EmieUserList deleted successfully
C:\Users\USER\AppData\Local\NetworkTiles deleted successfully
C:\Users\USER\AppData\Local\Opera Software deleted successfully
C:\Users\USER\AppData\Local\Skype deleted successfully
C:\Users\USER\AppData\Local\softthinks deleted successfully
C:\Users\USER\AppData\Local\Unity deleted successfully
C:\Users\USER\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-77165034-2136077583-516565766-1001\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Wondershare not found
C:\Users\USER\AppData\Local\Wondershare deleted
C:\PROGRA~2\GUM8F07.tmp deleted
C:\Users\USER\.android deleted
C:\PROGRA~2\Ghostery Storage Server deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\{A328A61B-C332-4C8C-A740-42F7F71DC398} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\USER\AppData\LocalLow\Unity deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pam.db" not deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pamcore.db" not deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pampub.db" not deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\pam.db" not deleted
"C:\Users\USER\AppData\Roaming\dlg" deleted
"C:\Users\USER\AppData\Local\AVAST Software" not deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER" not deleted
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR" not deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/03/2016 09:26 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/03/2016 09:26 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
emhginjpijfggbofeediiojmdlmlkoik - C:\Program Files\AVAST Software\Avast\pam\Chrome\pam.crx[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
 
passwords - USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik
ESPNCricinfo - USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh
Chrome Media Router - USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik deleted successfully
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emhginjpijfggbofeediiojmdlmlkoik_0.localstorage deleted successfully
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_emhginjpijfggbofeediiojmdlmlkoik_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\SearchScopes\{7F2D3445-003E-489B-9CB9-A8EBF99B1DBC} - http://www.bing.com/...=IE11TR&pc=DCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{7F2D3445-003E-489B-9CB9-A8EBF99B1DBC} - http://www.bing.com/...=IE11TR&pc=DCJB
HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.c...q={searchTerms}
HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.c...q={searchTerms}
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\emhginjpijfggbofeediiojmdlmlkoik deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=326 folders=186 87764714 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\USER\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pam.db"  not found
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pamcore.db"  not found
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\kv_pampub.db"  not found
"C:\Users\USER\AppData\Local\AVAST Software\APM\USER\T7inRN2DwxeAarpR\pam.db"  not found
"C:\Users\USER\AppData\Local\AVAST Software"  not found
 
==== EOF on Thu 11/03/2016 at 22:24:52.55 ======================
 
 
There was and error message during the scan but the scan completed:
 
Capture2.PNG

  • 0

#73
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

This came up when computer rebooted:

 

Attached File  HitmanPro_20161103_2248.log   2.18KB   29 downloads


  • 0

#74
BrynnD17

BrynnD17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Hello? Joe?
  • 0

#75
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
I'm here sorry for delay, lets disable dropbox and remove fdclient again.

We might need to disable dropbox as it may be resyncing the file back.
DropBox to disable or stop.
http://www.ghacks.ne...ing-on-windows/


This one says temporary stopping but it can be permanent if the user never starts it again. (Yeah, the OS is Linux but it is the same for Windows.)
https://superuser.co...syncing-dropbox

Next
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
C:\WINDOWS\SysWoW64\fdclient.dll
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP