
Help w/FRST logs...NEWBIE [Closed]

farbar frst virus malware windows 7 64-bit

  • This topic is locked

#1
stephspomer

    New Member

  • Member
  • Pip
  • 3 posts

Hello,

I have tried, REPEATEDLY, to learn how to use, read, interpret the logs created by FARBAR's FRST Recovery Tool. I give. I have a degree in Computer Science and have been a developer for over 20 years and honestly... I just cannot figure this out.

So, after YEARS of limping it alone, I am asking for help... I don't even know HOW to correctly upload the logs, if there is "sensitive" or "personal" information that I should first redact or if I should just upload "as is".

 

All I do know, or very much suspect, is that I have been hacked or have one (or two, three or four) heck of an infection(s)!

Any help would be oh-so-very-much-gratefully-appreciated.

 

Thank you

An Embarrassed Dev;_


  • 0



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi, Stephspomer.
 
Welcome to GTG Forums!
 
No one must feel embarrassed when asking for help. In a way, we are all learners here, learning from our mistakes, learning from others, learning from what we are dealing with. 
 
So...
 
If you need help, then you have to follow these steps, for a start:

Download Farbar Recovery Scan Tool and save it to your desktop. --> Important

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 0

#3
stephspomer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hello Grecian Geek! Thank you Thank you Thank you for the amazingly swift response! I am uploading my log files as you've outlined.... let me know if I did it right:)

Attached Files


  • 0

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Yes! 
 
You did it perfectly!  :thumbsup: 
 
Have in mind, however, that since it is already late here, I will be back with a reply tomorrow afternoon my time.
 
Here are some ground rules you have to consider during the cleaning process:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


  • 0

#5
stephspomer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Understood, Grecian Geek:)

Thank you again!

And I will do my best to follow your instructions to the LETTER;)

Have a great evening.

TTYT:)


Edited by stephspomer, 28 September 2021 - 12:29 PM.

  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello, Stephspomer.
 
Can you please tell me why you think the computer is infected? Please describe the symptoms to me in detail, if possible.
 
=====================================================
 
Here are my first comments/instructions regarding your logs:
 
 
1. You ran FRST in Safe mode
 
Any reason for running the FRST tool in Safe mode? If there is no reason, then please sign in with Normal mode and continue from there.
 
 
2. Policies restrictions

 
Do you recognize these restrictions on specific policies?
 
HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\...\Policies\system: [ConnectHomeDirToRoot] 0
HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\Software\Policies\...\system: [DenyRsopToInteractiveUser] 0
 
 
3. Uninstall Adobe Flash Player

Adobe Flash Player is no longer supported and keeping it installed is a security risk. You have these versions of the product installed:
 
Adobe Flash Player 30 ActiveX 
Adobe Flash Player 30 NPAPI 
Adobe Flash Player 32 PPAPI 

Please go on to uninstall them all.
 
 
4. Antivirus program / malware removal tools
 
You have no antivirus program, and Windows Defender, which functions as anti-spyware in Windows 7, is out of date. Instead, you have several executable files leading to malware removal tools. Have in mind that many of these tools are no longer used, while others have to be updated in order to run effectively. I would add the lines regarding these tools to the fix for removal, but I thought to ask you first, in case you need them for educational purposes. If this is not the case, then please remove everything:

(Trend Micro Inc.) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HijackThis.exe
(Farbar) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FarSvSca.exe
(Don HO don.h@free.fr) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\npp.8.1.4.Installer.x64.exe
(Swearware) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\ComboFix.exe
(VIPRE Security) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\vipre-advanced-security-trial.exe
(Adlice Software ) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\RogueKiller_setup.exe
(SUPERAntiSpyware) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\SUPERAntiSpyware.exe
(SurfRight B.V.) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HitmanPro_x64.exe
(Malwarebytes) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\AdwCleaner.exe
(Bleeping Computer, LLC) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\rkill-unsigned.exe
(Zemana Ltd. ) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\AntiMalware_Setup-z3m.exe
(Malwarebytes ) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\mb3-setup-1878.1878-3.8.3.2965.exe

Regarding the antivirus, we will come to that again, when we finish cleaning.
 
 
5. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
AlternateDataStreams: C:\ProgramData:Easy$Duplicate$Finder [140]
AlternateDataStreams: C:\Users\All Users:Easy$Duplicate$Finder [140]
AlternateDataStreams: C:\ProgramData\Application Data:Easy$Duplicate$Finder [140]
SearchScopes: HKU\S-1-5-21-2051312817-2871648933-3297728195-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
MSCONFIG\Services: McAfee WebAdvisor => 2
MSCONFIG\startupreg: McAfeeSafeConnect => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
C:\Program Files (x86)\McAfee Safe Connect
FirewallRules: [{64F9B558-C70A-48F3-93EE-8FE949184956}] => (Allow) C:\Program Files (x86)\Steam\steam.exe => No File
FirewallRules: [{23A6D05F-5C73-4DC3-B3D3-B08A480CB162}] => (Allow) C:\Program Files (x86)\Steam\steam.exe => No File
FirewallRules: [{70359B4F-2032-4D7C-8B16-A14C8773A792}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{468348CE-C606-4EC9-995E-FA7A877434B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DC7E3650-CD04-4AC1-BC63-B8B5583E37FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{B7609DA6-24CD-4616-B2E4-600BF7A7EA3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{D3D808CD-06BC-4112-8948-0CF19CDFDDEE}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe => No File
FirewallRules: [UDP Query User{25EB54C5-CC61-4630-9118-2BA8F8174C33}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe => No File
FirewallRules: [TCP Query User{6921AE2F-8751-4653-825D-36E63A6C3D08}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe => No File
FirewallRules: [UDP Query User{7D8A8B1D-8336-4E1C-AFEB-DB9000ACA532}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe => No File
FirewallRules: [{BF126AA4-93E0-4BB4-A936-B260BB90E6EC}] => (Block) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{C5AC69DF-3F96-48DE-85B9-6A584B6CB94B}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Temp\7zS36A0\HP.EasyStart.exe => No File
FirewallRules: [TCP Query User{1AAC7C71-79DD-4726-9530-320684FEE86A}C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File
FirewallRules: [UDP Query User{FFAAA1C8-2884-441F-855D-8600A71243B3}C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File
FirewallRules: [{FB517CEA-5F96-41EF-952C-705527C7A60A}] => (Block) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File
FirewallRules: [{E85068A4-D7D7-4672-BA3C-B395E2C17478}] => (Block) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File
FirewallRules: [{13D5F55F-244C-48BE-80D6-6FA500151FA5}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{904DD7B1-73E5-4503-9231-7AA9B1209AF7}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart
C:\Program Files (x86)\Windscribe
HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {33586c8d-3a48-11e9-84a2-2c59e5b9da1b} - E:\windows\AutoRun.exe
HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {5cb923ce-1e1e-11e9-9842-2c59e5b9da1b} - E:\windows\AutoRun.exe
HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {5cb92416-1e1e-11e9-9842-2c59e5b9da1b} - E:\windows\AutoRun.exe
HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {7cd1f3c1-59dd-11ea-b0d5-2c59e5b9da1b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {7cd1f3cf-59dd-11ea-b0d5-2c59e5b9da1b} - E:\HTC_Sync_Manager_PC.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D00AE86-E9F9-43A0-82A4-79EBA59183E2}] -> "C:\Program Files (x86)\Avira\Scout\Application\58.0.3029.2783\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
C:\Program Files (x86)\Avira
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Stephs HP Elite\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Stephs HP Elite.STEPHSGRAYHP\NTUSER.pol: Restriction <==== ATTENTION
Task: {1286D389-4890-4EDB-8115-DD3A4B18256C} - \{6C07F1FA-041D-4677-9E0E-A34AEB08A60F} -> No File <==== ATTENTION
Task: {13E72FE4-DFF2-4CDA-ABB7-959617E9A0AD} - \{DE32699B-5F53-4647-BC20-D23DA1AA995E} -> No File <==== ATTENTION
Task: {218A7FCE-B4FF-4F2C-8554-8B89773642CE} - \{3183EA9F-B79F-4348-83A8-C83F79F566F0} -> No File <==== ATTENTION
Task: {27C66E95-3C31-4F24-84EB-2F86CA876538} - \{AEC12F12-7F2F-4312-AA51-B771656A0011} -> No File <==== ATTENTION
Task: {2FD3EF11-397D-44E4-9E81-D6DABDC8267D} - \{4A46DB2C-1BF0-4E42-A3B6-4DD59A66B8D8} -> No File <==== ATTENTION
Task: {3A059635-30A9-4F83-80D7-0DC80C89912F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {496197B3-7355-4A5E-A25F-62284A003E0C} - \{19B904CD-55C2-43AB-A0AF-A143A5EC39D9} -> No File <==== ATTENTION
Task: {8023BB4E-DEBF-45F4-BB9B-F141F73BDD32} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {898A47E3-0320-45CA-81E5-BB4A3284F805} - \{D5143D3E-57D0-437D-A153-934233133CB6} -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {B6C80976-BA3B-4572-950A-263783BC89B8} - \Games\UpdateCheck_S-1-5-21-2051312817-2871648933-3297728195-1001 -> No File <==== ATTENTION
Task: {C8E2143C-EFC4-4EDB-8C3C-314B04725042} - \{06830E4B-CEB4-4B53-A258-9E4AB44B9287} -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {D7904B9D-AD56-4A18-A371-B4170AC856F7} - \{ECB6370C-17B3-45F3-B9E6-ECDDE736A4B3} -> No File <==== ATTENTION
Task: {DC8784C2-B5E8-49A2-AD98-F315C3FF25C8} - \{7DC38035-F04B-4A85-831B-8AEB2C7D92AF} -> No File <==== ATTENTION
Task: {E207A07D-88CA-41DD-A23B-456BAA88103F} - \{53E90FAB-5F85-4EFB-8553-69293AAAA6DB} -> No File <==== ATTENTION
Task: {E2CBE2F0-4114-4CDB-822F-CA7199D72C0A} - \{84EF4C11-F574-486D-8055-46EC9B5E58CE} -> No File <==== ATTENTION
Task: {EEBDA907-EE80-488D-BD76-5602FAFF13F0} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {F1AF1AF3-B7E0-4CF0-84C8-454BC656F16B} - \{903A76E8-FF34-441C-9CBC-8509B1F048EE} -> No File <==== ATTENTION
Task: {FF409BC3-5D1D-499D-9D98-EA7E679E9EA3} - \{5D420FA5-C70D-4BD3-8594-1164BA08204A} -> No File <==== ATTENTION
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S4 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S4 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S4 AviraOptimizerHost; "C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe" [X]
U3 aswbdisk; no ImagePath
U1 avgbdisk; no ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 esihdrv; \??\C:\Users\STEPHS~1.STE\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 MFE_RR; \??\C:\Users\STEPHS~1.STE\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 NDivert; system32\DRIVERS\NDivert.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
U0 vlflt; no ImagePath
2017-04-25 19:23 - 2017-04-25 19:23 - 005478400 _____ () C:\Program Files (x86)\GUT58B7.tmp
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0
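
A first-pass way to read lines like the ones in the fix list above, as an added example that is not part of the thread and is not code from FRST or its author. The sample lines are copied from the post; the bucket names and the rules that sort lines into them are assumptions of this example, not FRST's own classification or the helper's analysis.

```python
import re

# A small subset of lines copied from the fix list in the post above.
SAMPLE = r"""
FirewallRules: [{64F9B558-C70A-48F3-93EE-8FE949184956}] => (Allow) C:\Program Files (x86)\Steam\steam.exe => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {3A059635-30A9-4F83-80D7-0DC80C89912F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
S3 esihdrv; \??\C:\Users\STEPHS~1.STE\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S2 NDivert; system32\DRIVERS\NDivert.sys [X]
U0 vlflt; no ImagePath
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
AlternateDataStreams: C:\ProgramData:Easy$Duplicate$Finder [140]
"""

# Service/driver lines: state letter, start type digit, name, then image path.
SERVICE_RE = re.compile(r"^([RSU])([0-4]) (\S+); (.*)$")
ATTENTION = "<==== ATTENTION"
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_line(line):
    """Split one FRST-style line into a section name and a set of flags."""
    flags = set()
    body = line.strip()
    if ATTENTION in body:
        flags.add("attention")
        body = body.split(ATTENTION)[0].rstrip()
    match = SERVICE_RE.match(body)
    if match:
        section, name, target = "Service/Driver", match.group(3), match.group(4)
    else:
        head, _, target = body.partition(": ")
        section = "Registry" if head.startswith(("HKLM\\", "HKU\\")) else head
        name = head
    # The entry points at something that is no longer on disk.
    if target.endswith(("No File", "[X]", "no ImagePath")):
        flags.add("missing_target")
    # A driver or program registered from a user Temp folder.
    if TEMP_RE.search(target):
        flags.add("temp_path")
    if "Restriction" in target:
        flags.add("policy_restriction")
    return {"section": section, "name": name, "flags": flags, "raw": line.strip()}


def triage(text):
    """Bucket every non-empty line (hypothetical buckets, not FRST output)."""
    buckets = {"review": [], "orphan": [], "other": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry["flags"] & {"temp_path", "policy_restriction"}:
            buckets["review"].append(entry)   # needs a human decision
        elif "missing_target" in entry["flags"]:
            buckets["orphan"].append(entry)   # leftover reference, target gone
        else:
            buckets["other"].append(entry)
    return buckets


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(bucket, [(e["section"], sorted(e["flags"])) for e in entries])
```

Run on the sample, most lines land in the orphan bucket: they are references to files that no longer exist, while the Temp-folder driver and the policy restrictions are the lines that need a person to decide.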

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello.

 

Do we have any progress here?


  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi.

 

Asking for help, providing your logs for analysis and then going away, is not just a simple thing. Plus, it's not kind at all. People spend a remarkable amount of time analysing the logs and, as you know, time is valuable for all of us.
 
So.. due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).

  • 0





