We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
de-bugging i-pad
Comments
-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by SYSTEM on MINWINPC on 12-09-2013 15:20:59
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [200704 2008-09-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-14] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Connection Manager] - C:\Program Files\O2\Connection Manager\emmsn.exe [3779504 2010-08-03] (Telef!nica I+D)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\Rose\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Rose\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2010-08-24] (TomTom)
HKU\Rose\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Rose\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2011-01-22] (Google Inc.)
HKU\Rose\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)
HKU\Rose\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Rose\...\Run: [Google Update] - [x]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
========================== Services (Whitelisted) =================
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-14] (Andrea Electronics Corporation)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-14] (IDT, Inc.)
S2 TGCM_ImportWiFiSvc; C:\Program Files\O2\Connection Manager\ImpWiFiSvc.exe [199600 2010-08-02] (Telef!nica I+D)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\ \...\???\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)
S3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [271552 2009-03-19] (Creative Technology Ltd.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-12 01:45 - 2013-09-12 01:45 - 00000000 ____D C:\Program Files\ESET
2013-09-11 11:54 - 2013-09-11 11:54 - 00000134 _____ C:\Users\Rose\Desktop\User Accounts - Shortcut.lnk
2013-09-11 09:57 - 2013-09-11 10:29 - 2489435892 _____ C:\avenger.txt
2013-09-11 09:57 - 2013-09-11 09:57 - 00001960 _____ C:\Windows\PFRO.log
2013-09-11 09:57 - 2013-09-11 09:57 - 00000000 ____D C:\Avenger
2013-09-10 04:58 - 2013-09-10 04:59 - 00062942 _____ C:\Users\Rose\Documents\cc_20130910_135845.reg
2013-09-10 03:11 - 2013-09-10 03:11 - 00000256 _____ C:\Users\Rose\Desktop\People Near Me - Shortcut.lnk
2013-09-10 02:57 - 2013-09-10 02:57 - 00000134 _____ C:\Users\Rose\Desktop\Bluetooth Devices - Shortcut.lnk
2013-09-08 14:07 - 2013-09-08 14:28 - 00000000 ____D C:\ProgramData\Danpn373
2013-08-27 14:16 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 14:55 - 2013-07-24 18:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 14:55 - 2013-07-24 18:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 14:55 - 2013-07-24 18:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 14:55 - 2013-07-24 18:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 14:55 - 2013-07-24 18:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 14:55 - 2013-07-24 18:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-14 14:55 - 2013-07-24 18:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-14 14:55 - 2013-07-24 18:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 14:55 - 2013-07-24 18:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 14:55 - 2013-07-24 18:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 14:55 - 2013-07-24 18:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 14:55 - 2013-07-24 18:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-14 14:55 - 2013-07-24 18:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-14 14:55 - 2013-07-24 18:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 14:55 - 2013-07-24 18:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 14:55 - 2013-07-24 18:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-13 12:44 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 12:44 - 2013-07-10 01:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 12:44 - 2013-07-09 04:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 12:44 - 2013-07-07 20:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-08-13 12:44 - 2013-07-07 20:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 12:44 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 12:44 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 12:44 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 12:44 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 12:44 - 2013-07-04 20:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 12:44 - 2013-06-15 05:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-08-13 12:44 - 2013-06-15 03:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-12 15:19 - 2013-09-12 15:19 - 00000000 ____D C:\FRST
2013-09-12 05:33 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 05:33 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 03:04 - 2010-09-07 07:57 - 00000000 ____D C:\Users\Rose\AppData\Roaming\67E49E331C3E7BE91C39FE7C79763D77
2013-09-12 03:01 - 2009-10-27 04:39 - 00001356 _____ C:\Users\Rose\AppData\Local\d3d9caps.dat
2013-09-12 01:45 - 2013-09-12 01:45 - 00000000 ____D C:\Program Files\ESET
2013-09-12 00:08 - 2010-10-07 11:01 - 00000000 ____D C:\Users\Rose\AppData\Local\Windows Live
2013-09-11 22:45 - 2010-07-23 02:35 - 00000000 ____D C:\Users\Rose\AppData\Roaming\Skype
2013-09-11 11:54 - 2013-09-11 11:54 - 00000134 _____ C:\Users\Rose\Desktop\User Accounts - Shortcut.lnk
2013-09-11 10:35 - 2010-09-08 22:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-11 10:29 - 2013-09-11 09:57 - 2489435892 _____ C:\avenger.txt
2013-09-11 09:57 - 2013-09-11 09:57 - 00001960 _____ C:\Windows\PFRO.log
2013-09-11 09:57 - 2013-09-11 09:57 - 00000000 ____D C:\Avenger
2013-09-11 09:57 - 2011-08-07 02:24 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-09-11 08:31 - 2012-01-22 05:37 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-11 08:31 - 2010-09-07 09:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 07:53 - 2006-11-02 02:33 - 00703198 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-10 07:26 - 2009-06-23 07:04 - 00000000 ____D C:\users\Rose
2013-09-10 05:33 - 2010-07-23 02:36 - 00000000 ____D C:\Users\Rose\AppData\Local\Google
2013-09-10 04:59 - 2013-09-10 04:58 - 00062942 _____ C:\Users\Rose\Documents\cc_20130910_135845.reg
2013-09-10 03:11 - 2013-09-10 03:11 - 00000256 _____ C:\Users\Rose\Desktop\People Near Me - Shortcut.lnk
2013-09-10 02:57 - 2013-09-10 02:57 - 00000134 _____ C:\Users\Rose\Desktop\Bluetooth Devices - Shortcut.lnk
2013-09-09 04:46 - 2012-11-26 11:30 - 00002377 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-08 14:28 - 2013-09-08 14:07 - 00000000 ____D C:\ProgramData\Danpn373
2013-09-08 14:08 - 2010-07-23 02:35 - 00000000 ____D C:\Program Files\Google
2013-09-04 14:19 - 2011-10-30 09:36 - 00002039 _____ C:\Users\Rose\Desktop\Google Chrome.lnk
2013-08-18 10:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 14:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 14:23 - 2013-08-07 13:28 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 14:20 - 2006-11-02 02:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-08-14 15:12 - 2009-05-14 05:08 - 00000000 ____D C:\ProgramData\Microsoft Help
Files to move or delete:
====================
ZeroAccess:
C:\Users\Rose\AppData\Local\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-07-19 13:06:07
Restore point made on: 2013-07-23 13:04:45
Restore point made on: 2013-07-25 09:23:49
Restore point made on: 2013-07-31 14:02:58
Restore point made on: 2013-08-06 13:29:27
Restore point made on: 2013-08-07 13:28:13
Restore point made on: 2013-08-13 12:39:17
Restore point made on: 2013-08-14 14:49:59
Restore point made on: 2013-08-18 03:23:40
Restore point made on: 2013-08-20 10:13:29
Restore point made on: 2013-08-23 14:11:24
Restore point made on: 2013-08-27 14:16:41
Restore point made on: 2013-08-28 13:44:31
Restore point made on: 2013-08-31 03:19:45
Restore point made on: 2013-08-31 03:38:39
Restore point made on: 2013-09-03 13:27:36
Restore point made on: 2013-09-10 05:04:26
Restore point made on: 2013-09-10 05:17:22
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3033.63 MB
Available physical RAM: 2718.43 MB
Total Pagefile: 2934.28 MB
Available Pagefile: 2795.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:49.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:0.12 GB) (Free:0.08 GB) FAT
Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.08 GB) NTFS
==================== MBR & Partition Table ==================
=========0 -
I'll PM you my email address as those logs aren't fitting into one post.0
-
-
sent it, hope it arrives, new one to me?0 -
Yes, got it. I'll go through it in a minute, just got something else to do first.
0 -
Using your computer.
- Click Start
- Type notepad in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste all of the contents of the code box below into Notepad. Do not include Code:
HKU\Rose\...\Run: [Google Update] - [x] S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x] S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\ \...\???\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2} C:\Users\Rose\AppData\Local\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2} C:\ProgramData\Danpn373 DeleteJunctionsIndirectory: C:\Program Files\Windows Defender- Save it as fixlist.txt and save to your USB flashdrive
Insert the USB drive into the infected computer & start FRST as before when you ran a scan earlier, but this time use the Fix option..- Start the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
On the System Recovery Options menu you will get the following options:- Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt
Once in the Command Prompt:
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e![:\](https://forums.moneysavingexpert.com/resources/emoji/confused.png ":\")
frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press the Fix button once and wait.
[*]FRST will process fixlist.txt
[*]When finished, it will produce a log fixlog.txt on your USB flashdrive.
[*]Exit out of Recovery Environment and post the log.0 -
Hi, it,s telling me it cannot fin fixlist? from stick? when I press fix, yet it,s there on mine when I plug it in and expand it.Using your computer.- Click Start
- Type notepad in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste all of the contents of the code box below into Notepad. Do not include Code:
HKU\Rose\...\Run: [Google Update] - [x] S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x] S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\ \...\???\{f5bcd340-d062-07d2-560a-ffd3597a14f2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) C:\Program Files\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2} C:\Users\Rose\AppData\Local\Google\Desktop\Install\{f5bcd340-d062-07d2-560a-ffd3597a14f2} C:\ProgramData\Danpn373 DeleteJunctionsIndirectory: C:\Program Files\Windows Defender- Save it as fixlist.txt and save to your USB flashdrive
Insert the USB drive into the infected computer & start FRST as before when you ran a scan earlier, but this time use the Fix option..- Start the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
On the System Recovery Options menu you will get the following options:- Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt
Once in the Command Prompt:
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type efrst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press the Fix button once and wait.
[*]FRST will process fixlist.txt
[*]When finished, it will produce a log fixlog.txt on your USB flashdrive.
[*]Exit out of Recovery Environment and post the log.
same as before F not e0 -
hi, it,s not e on mine, it,s f;;was before.You should have save the file fixlist.txt to your USB flashdrive e: - can you see this file?
just inserted flash back in my pc, and opened it up with the copied text there.f.
d e dont work when I plug it in infected pc.
stumped?
it was f for the logs I posted from it before.
cannot seewhere/if I,m going wrong
there,s only 2 removables in computer, d and f, no e
tried them all0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards