Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected or not


  • This topic is locked This topic is locked
45 replies to this topic

#1 boneyeye

boneyeye

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 20 July 2016 - 09:07 PM

Have spent 3dys and have got rid of a lot of stuff like.PUP,PUMs, Program Management Console, iMesh Varient(from old files), SSDT(Hook), and Multiple Popup ads. There are 4 files in Windows\Temp which multiply after "boot" to 9. They are all beginning with etilgs_ ---remaining addresses are filled of numbers and figures. There are 4 of these files I cannot delete at all as I get a reply of: This file cannot be removed because they are open in Real Times Disktop services. I do hope someone can help.Attached File  Addition.txt   42.95KB   2 downloads

Attached Files

  • Attached File  FRST.txt   27.01KB   3 downloads


BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:20 AM

Posted 21 July 2016 - 04:16 AM

Hello boneyeye and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Those files you are worried about are fine: they are database files used by the public domain database called SQLite, (if you look at the name “etilqs”, it is SQLite backwards and the numbers are random so that they won’t conflict with any similarly-named file. . Both Chrome and Firefox use SQLite to store data including cookies.

I’ll look at your logs and reply as soon as I can.

 

Satchfan
 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:20 AM

Posted 21 July 2016 - 06:37 AM

Nothing bad in those logs, just a bit of tidying up.

Your version of Java is out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall Java 8 Update 66

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Java.gif

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found here.

===================================================

Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1319180840-607967409-162622875-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-25] (Oracle Corporation)
S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{6935DB93-21E8-4CCC-BEB9-9FE3C77A297A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{78A51822-51F4-11D0-8F20-00805F2CD064}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{83B8BCA6-687C-11D0-A405-00AA0060275C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{C5621364-87CC-4731-8947-929CAE75323E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{cd3afa8f-b84f-48f0-9393-7edc34128127}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{6935DB93-21E8-4CCC-BEB9-9FE3C77A297A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{78A51822-51F4-11D0-8F20-00805F2CD064}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{83B8BCA6-687C-11D0-A405-00AA0060275C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{C5621364-87CC-4731-8947-929CAE75323E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{cd3afa8f-b84f-48f0-9393-7edc34128127}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1004_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{6935DB93-21E8-4CCC-BEB9-9FE3C77A297A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{78A51822-51F4-11D0-8F20-00805F2CD064}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{83B8BCA6-687C-11D0-A405-00AA0060275C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{C5621364-87CC-4731-8947-929CAE75323E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{cd3afa8f-b84f-48f0-9393-7edc34128127}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1319180840-607967409-162622875-1005_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> no filepath
Task: {08561F45-AA00-4297-85C9-2D9554BE5713} - System32\Tasks\{54BCC3D2-5547-4802-BA87-7A69415C28C8} => pcalua.exe -a C:\Users\user\Downloads\JavaSetup8u66.exe -d C:\Users\user\Downloads
Task: {60F86FE1-C0D5-426C-AD29-B08E9A04A49E} - \{9F4C238F-A5CD-4D6E-ACA0-96FB925C690D} -> No File <==== ATTENTION
Task: {69B1E5BD-AB89-4947-BF13-9A3F4A866CC6} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {7E590FC1-D025-4312-A80D-A7077935E9C1} - \SidebarExecute -> No File <==== ATTENTION
Task: {B7A504DD-0902-4D97-AE65-E7F68494C297} - \User_Feed_Synchronization-{6905C3E1-D018-439D-86AF-C98A02A54AD2} -> No File <==== ATTENTION
Task: {C20DE020-D03B-4191-AF5C-D877023B86CB} - \ReimageUpdater -> No File <==== ATTENTION
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

Can you tell me if you have any other problems or question.

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 21 July 2016 - 02:44 PM

Attached File  Fixlog.txt   428bytes   2 downloadsSatchfan, thank you so much for your help. I am OAP and was quite worried as I pay all utillities with bank on this Compt/Desktop. I was never very good at copy/paste, never grasped it, but i used the drag\drop method Boneyeye



#5 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:20 AM

Posted 21 July 2016 - 04:01 PM

That log was empty.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 21 July 2016 - 05:26 PM

Attached File  Fixlog.txt   428bytes   3 downloadsI am so sorry, my ducks are not in a row today



#7 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:20 AM

Posted 21 July 2016 - 06:00 PM

You attached it fine but for some reason the log is empty.

 

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

Satchfan
 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 21 July 2016 - 06:30 PM

I have it but the writing looks to get lost in the transfer. It does say scan is complete and there is no files leftover it is blank after that. i did as advised and Hopefully the new logs are attached.Again thank you for your help.

Attached Files


Edited by boneyeye, 21 July 2016 - 06:36 PM.


#9 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 21 July 2016 - 06:51 PM

I have found it Ihad dumped it in Bin

Attached Files



#10 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:20 AM

Posted 21 July 2016 - 06:59 PM

Your new log shows that the "fix" didn't happen.

 

You have also downloaded another version of FRST which is in your Downloads folder. In order for fixes to work, both FRST and the fixlog must be located in the same place.

 

Please delete the version of FRST you have here:

 

C:\Users\user\Downloads\FRST

 

Next, we'll try a different way of running the fix, (assuming that the original version of FRST is still on your desktop and fixlist.txt also).

  • double-click on FRST to run it and, once it starts up, click on Fix, (not Scan)
  • it should find the fixlist and work through it.

Please attach that new one.

 

BTW, I won't reply again tonight as it's nearly 1am here and I have laser eye treatment at the hospital early(-ish) tomorrow.

 

You may need a little patience but don't worry, your computer is fine and just needs tidied up.

 

Thanks

 

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 24 July 2016 - 01:22 AM

Satchfan I deleted the old version before downloading the new version but I can start all over again with the new version, if you like, it is no trouble. Now I hope your eye lasering was ok. I have had five laser treatments in 2yrs for 2cateracts and Gloucoma here in Southern Ireland so I know what you are talking about. I will not come back to this thread for at least 1wk. as you need to rest the eye. After that I will check back occasionally. So you can give me a bell at this thread when you are better. best of look and thanks again. Boneyeye   



#12 satchfan

satchfan

  • Malware Response Team
  • 2,664 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:20 AM

Posted 24 July 2016 - 04:23 AM

Hi boneyeye

 

Thanks for the consideration but my eye is fine, (just a bit of scar tissue to be removed after the cataract op).

 

As soon as you're ready, please post a new FRST log but please remember to place a tick next to Attach.txt also.

 

Thanks.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 24 July 2016 - 04:30 PM

Delighted allis well. Please find 2 files attachedI hope.

Attached Files



#14 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 24 July 2016 - 04:38 PM

And this one.Thank You

#15 boneyeye

boneyeye
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 24 July 2016 - 04:41 PM

The FRST>txt file is giving me trouble uploading




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users