Something on my laptop is eating 25gig a day of my data limit [Solved]


#76
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, I think your computer is clean at this point. However, there is one final check I'd like you to do.

 

Security Check

Download Security Check from here or here.

  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select Run as Administrator and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0



#77
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

ok here is the text output from checkup

 

 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Java version out of Date!
 Adobe Flash Player 14.0.0.145 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.6.25) Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

 

I noticed that it said something about checking for anti-virus software. Somewhere along the line I uninstalled Norton we discussed installing defender or avast but I never did it. We also talked about a program called unchecky (I think). It looks like my computer is good as new but I think I could probably use some advice about protecting it now that it is healthy again. ;) 
 

 


  • 0

#78
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I noticed that it said something about checking for anti-virus software. Somewhere along the line I uninstalled Norton we discussed installing defender or avast but I never did it.

 

Yes, you definitely need an a/v in place. Both do an excellent job, so you can't go wrong with either. Defender is free and there are free versions of Avast, so it's your choice. BTW I use both (not on the same machine. One a/v per machine) and both work well.

 

 

We also talked about a program called unchecky (I think).

 

I have information on that which I will provide below.

 

It looks like my computer is good as new but I think I could probably use some advice about protecting it now that it is healthy again.

 

A couple of things first. Your Adobe, Java and Firefox are out of date. Adobe and Java have huge vulnerabilities, so it's important to keep them up to date. Instructions to follow. Also, I am providing information for Crypto Prevent. Make sure you do this one! When you're done with the Adobe, Java and Firefox updates, re-run Security Check and post the log so I can be sure that the updates worked correctly.

 

Assuming everything below goes well, in the next post we'll remove all the tools we've used so far and I'll send you on your way :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u55 heading:
    To install the version for your system:
    • For Windows 32 bit systems, look for Windows x86 Offline 27.81MB, click the jre-7u55-windows-i586.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

Uninstall all versions of Java

  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
     
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

Install the latest JAVA

Back on your desktop:

  • Right click the jre-7u55-Windows-i586.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. It's on the Update tab in Java in the Control Panel.
[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel (you will have to be in Classic View to see Java; it looks like a coffee cup). Double-click on Java, click the Advanced tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.

  • Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
    • Adobe Reader 9
  • Right click each program and click Uninstall
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.

Your Firefox is out of date.

Uninstall Firefox

  • Click the Start Orb and click Control Panel.
  • On the Control Panel, find the Programs section and click Uninstall a program. The list of installed programs will populate.
  • Right click the Mozilla Firefox program and click Uninstall.
  • Close the Control Panel and reboot the computer.

Download and Install Firefox

If you don't want to keep Firefox, skip this part. If you use Firefox and want the newest version, complete the instructions below.

  • Click here to go to the Firefox page.
  • Click the Download button and save the Firefox Setup Stub 29.0.1.exe file to the desktop.
  • Close the browser.
  • Back on the desktop, right click the Firefox Setup Stub 29.0.1.exe file and click Run as Administrator to start the installation. OK any UAC prompts you get.
  • Follow the on screen instructions to install Firefox

 

CryptoPrevent: install this programme to lock down and prevent crypto ransom-ware. (This is really important!)
 

 Update Other Programs

Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

Recommended Programs

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

 

Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.
 

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

You may also find some information and tips at this thread: How did I get infected in the first place?
and COMPUTER SECURITY - a short guide to staying safer online
 


  • 0
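The triage done by eye on the checkup.txt log from post #77 (which products are out of date, whether an antivirus is registered) can also be scripted. This is an added example, not part of the thread or of Security Check itself; the log layout and the rule for pairing an "out of Date!" verdict with its product are inferred from the single log posted above, and the function names are hypothetical.

```python
import re

TICK = "\x60"  # backtick, escaped so the sample can sit inside a fenced block
OUTDATED = "out of Date!"
RULER = re.compile(r"^%s+\s*(.*?)\s*%s+$" % (TICK, TICK))

# checkup.txt as posted in #77; the backtick rulers are typed as "=" here
# and converted back to backticks before parsing.
SAMPLE_LOG = """
 Results of screen317's Security Check version 0.99.87
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
==============Antivirus/Firewall Check:==============
 Windows Firewall Enabled!
 WMI entry may not exist for antivirus; attempting automatic update.
=========Anti-malware/Other Utilities Check:=========
 Java 7 Update 65
 Java version out of Date!
 Adobe Flash Player 14.0.0.145
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.6.25) Firefox out of Date!
========Process Check: objlist.exe by Laurent========
=================System Health check=================
 Total Fragmentation on Drive C: 1%
====================End of Log======================
""".replace("=", TICK)


def parse_security_check(text):
    """Pull the triage-relevant facts out of a Security Check log."""
    report = {"uac_enabled": None, "firewall_enabled": False,
              "antivirus_wmi_missing": False, "outdated": []}
    section, last_product = "header", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ruler = RULER.match(line)
        if ruler:  # a backtick ruler starts a new section
            section, last_product = ruler.group(1).rstrip(":"), None
            continue
        if section == "header":
            uac = re.search(r"\(UAC is (\w+)\)", line)
            if uac:
                report["uac_enabled"] = uac.group(1) == "enabled"
        elif section.startswith("Antivirus/Firewall"):
            if line.startswith("Windows Firewall Enabled"):
                report["firewall_enabled"] = True
            elif "WMI entry may not exist for antivirus" in line:
                report["antivirus_wmi_missing"] = True
        elif section.startswith("Anti-malware/Other Utilities"):
            if OUTDATED not in line:
                last_product = line  # plain "name version" line
                continue
            # The verdict is either on its own line (applies to the previous
            # product) or appended to the product line. Assumption: the
            # product ends at the last token that contains a digit.
            head = line[:line.index(OUTDATED)].split()
            versioned = [i for i, tok in enumerate(head)
                         if any(ch.isdigit() for ch in tok)]
            product = (" ".join(head[:versioned[-1] + 1])
                       if versioned else last_product)
            if product and product not in report["outdated"]:
                report["outdated"].append(product)
    return report


def findings(report):
    """Turn the parsed report into a short to-do list."""
    todo = ["update or remove: " + p for p in report["outdated"]]
    if report["antivirus_wmi_missing"]:
        todo.append("no antivirus registered: install one (one a/v per machine)")
    if not report["firewall_enabled"]:
        todo.append("Windows Firewall not reported as enabled")
    if report["uac_enabled"] is False:
        todo.append("UAC is disabled")
    return todo


if __name__ == "__main__":
    for item in findings(parse_security_check(SAMPLE_LOG)):
        print("-", item)
```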

#79
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I got most of the things you suggested downloaded and installed but I am having a little bit of a problem... I cannot get to several of the sites (I think it may be the sites that are https sites). Explorer would not pull google so I could find windows defender; it would not go to the firefox link or the web of trust link. It pulls up another tab but that is it. It goes blank and the link disappears out of the address box at the top.

Thanks!


  • 0

#80
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

There's no download necessary for Defender. It's part of the Windows 7 Operating System. Here is a video detailing how to Start and Stop Defender.

 

I cannot get to several of the sites

It might be that the links are old and not functioning. It's really difficult to keep up with some of this stuff. Other than Defender, which sites are you not able to get to?


  • 0

#81
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

It would not pull up www.google.com or www.mywot.com or www.mozilla.org. When I clicked on the link a new browser tab would open and the link would appear briefly in the address line and then it would disappear and everything just remained blank. Normally there is an error message saying there is a problem with the link but in this case there was nothing, no spinning icon indicating that it was thinking, just a blank page with nothing in the address line. What I did notice was the links that I was able to get to (checky, Filehippo, Java and CryptoPrevent) were http:\\ links and all the ones that would not come up were https:\\ links. Maybe that is just coincidental.


  • 0

#82
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Honestly, that makes me nervous. It could mean the return of an infection or it could mean that one of the new programs is blocking access to those sites. Are you still running that one monitoring program that I had you download (not your meter that you've had all along)? If so, try uninstalling that and see what happens?

 

If that doesn't solve the issue; I assume you have FileHippo and Unchecky installed now. Try uninstalling Unchecky first and test. If no go, uninstall File Hippo and test.

 

That would put you back where you were when things worked fine, right? If it still doesn't work, then perform a FRST scan and post for me.

 

(BTW, yes, HTTPS is a good hint that that port is being blocked. We just have to figure out what is blocking it!)

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


  • 0

#83
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

ok I uninstalled Unchecky and filehippo and I still cannot get to the https sites so I ran the Farbar Recovery Scan Tool and here are the results.

Attached Files


  • 0

#84
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's try this and see if it helps.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    
    HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
    
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 


  • 0

#85
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

hey Sorry it took me so long. Thank you for hanging with me. Here is the log file.

THANKS!

Attached Files


  • 0



#86
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

hey Sorry it took me so long.

 

Not a problem :)

 

Thank you for hanging with me.

 

You are quite welcome :thumbsup:  And, thank you for sticking with me! :) We are on this quest together ;)

 

The burning question now is....can you get to HTTPS sites and everything else you want to get to?


  • 0

#87
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

:no: unfortunately no I still can't get to https sites.


  • 0

#88
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Are you having the https problem with ie, ff or both? If not both, could you check with both browsers. That would help me determine if the issue is browser based or machine based.
  • 0

#89
grancarol

grancarol

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

all I have on my computer now is explorer. I uninstalled firefox then I could not get to the website to download and reinstall...


  • 0

#90
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Since you're blocked from https sites, see if you can download this file.

 

  • Right-click on the MiniToolbox icon and select Run as Administrator to start the tool.
  • In the main window please checkmark the following checkboxes:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP configuration;
    • List Winsock Entries;
    • List last 10 Event Viewer log;
    • List Installed Programs;
    • List Devices (Only problems);
    • List Users, Partitions and Memory size;
    • List Minidump Files.
  • Click Go and wait patiently.
  • Upon completion (a reboot may be needed) a file called Result.txt will be saved on your desktop.
 
Please include the content of that file in your next reply.

 


  • 0
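Posts #82 and #88 turn on two questions: is only the HTTPS port affected, and is the block in the browser or in the machine? With only one browser installed, a plain socket probe that bypasses the browser and its proxy settings can answer both. This is an added example, not part of the thread and not how MiniToolbox works; the result labels and their mapping to the MiniToolbox checkboxes listed in post #90 are this example's own assumptions.

```python
import socket

# Hosts reported as unreachable in post #81.
HOSTS = ["www.google.com", "www.mywot.com", "www.mozilla.org"]

# Hypothetical mapping from a diagnosis to the checkboxes from post #90
# whose output is worth reading first.
NEXT_LOOK = {
    "no-connectivity": ["List IP configuration", "Flush DNS"],
    "machine-level-443-block": ["List Winsock Entries", "List Installed Programs"],
    "browser-level": ["Report IE Proxy Settings", "Report FF Proxy Settings"],
    "host-specific": ["List content of Hosts", "Flush DNS"],
    "no-fault-found": [],
}


def tcp_open(host, port, timeout=5.0):
    """True if a plain TCP connection succeeds. No browser and no proxy
    setting is involved; a DNS failure also counts as 'not open'.
    This only tests the port, it does not exercise TLS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(hosts=HOSTS, connect=tcp_open):
    """Try port 80 and port 443 on every host."""
    return {h: {"http": connect(h, 80), "https": connect(h, 443)}
            for h in hosts}


def diagnose(results, browser_https_works):
    """Classify the fault from the probe plus what the browser shows."""
    http = [r["http"] for r in results.values()]
    https = [r["https"] for r in results.values()]
    if not any(http) and not any(https):
        return "no-connectivity"           # nothing resolves or connects
    if not any(https):
        return "machine-level-443-block"   # 80 works, 443 fails everywhere
    if all(https):
        # Sockets reach 443, so a failing browser points at its own config.
        return "no-fault-found" if browser_https_works else "browser-level"
    return "host-specific"                 # only some hosts fail on 443


if __name__ == "__main__":
    results = probe()
    for host, r in results.items():
        print("%-18s http=%s https=%s" % (host, r["http"], r["https"]))
    verdict = diagnose(results, browser_https_works=False)
    print("diagnosis:", verdict, "-> check:", ", ".join(NEXT_LOOK[verdict]))
```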





