Post by dbrisen on Nov 23, 2014 21:57:29 GMT -8
The reason it did not correct the issue is that the Fixlist.txt file was downloaded as an HTML document instead of a text file.
Not a problem; we will go to plan B.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
start
CloseProcesses:
HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...\MountPoints2: {53a22b3b-5eee-11df-a4ca-00038a000015} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...\MountPoints2: {9a247572-7ee4-11e2-a054-00038a000015} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...\MountPoints2: {9a444b1c-a68b-11df-87dc-00265e126359} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
ShortcutTarget: JL Edwardian Advent Calendar.lnk -> C:\Program Files (x86)\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe (No File)
SearchScopes: HKLM -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\.DEFAULT -> DefaultScope {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL =
SearchScopes: HKU\S-1-5-21-2626883384-2933607310-17556466-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2626883384-2933607310-17556466-1000 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
2014-11-14 16:30 - 2014-11-14 16:30 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
C:\Users\User\AppData\Local\Temp\_is2338.exe
C:\Users\User\AppData\Local\Temp\_isBC2.exe
C:\Users\User\AppData\Local\Temp\_isE8D8.exe
C:\Users\User\AppData\Local\Temp\_isF2B7.exe
C:\Users\User\AppData\Local\Temp\_isFCA6.exe
C:\Windows\SysWOW64\000*.tmp
HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-2626883384-2933607310-17556466-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Reboot:
end
NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
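A triage sketch for the two problems this post deals with, added here as an example and not part of dbrisen's post or of FRST: it checks whether a saved fixlist is really an HTML page, and it flags log lines where an autorun value launches rundll32.exe with a javascript: URL. The function names and regexes are assumptions of this example; the sample lines are abridged from the fixlist above, and the shift-by-one decoding is an observation about the fragment shown there.

```python
import re

# Autorun value that hands a javascript: URL to rundll32/mshtml, the shape
# the fixlist above marks "<==== Poweliks".
SCRIPT_AUTORUN = re.compile(
    r"rundll32(?:\.exe)?\s+javascript:.*mshtml,\s*RunHTMLApplication", re.I)
EVAL_ARG = re.compile(r'eval\("([^\s"]+)')
HTML_MARKERS = (b"<!doctype", b"<html", b"<head", b"<body")

# Sample input, abridged from the fixlist in the post above.
SAMPLE = [
    r'HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...\MountPoints2: G - G:\LaunchU3.exe -a',
    r'HKU\S-1-5-21-2626883384-2933607310-17556466-1000\...A8F59079A8D5}\localserver32: '
    r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";'
    r'eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters).',
]


def saved_as_html(data: bytes) -> bool:
    """True when a file meant to be plain text holds an HTML page instead."""
    head = data[:2048].lower()
    return any(marker in head for marker in HTML_MARKERS)


def unshift(fragment: str) -> str:
    """Move every character down one code point (encoding observed in the sample)."""
    return "".join(chr(ord(c) - 1) for c in fragment)


def flag_script_autoruns(lines):
    """Return (registry location, decoded eval fragment) for each flagged line."""
    hits = []
    for line in lines:
        match = SCRIPT_AUTORUN.search(line)
        if not match:
            continue
        # Everything before the command is the key/value location in the log.
        location = line[:match.start()].rstrip(" :->")
        arg = EVAL_ARG.search(line)
        hits.append((location, unshift(arg.group(1)) if arg else ""))
    return hits


if __name__ == "__main__":
    for location, decoded in flag_script_autoruns(SAMPLE):
        print(location, "=>", decoded)
```

The MountPoints2 line is not flagged because it launches an ordinary executable path; only the localserver32 value passes script to rundll32.exe.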