Page 3 of 8 FirstFirst 1234567 ... LastLast
Results 21 to 30 of 80

Thread: Win32.Load Money and Yandex removal advice please

  1. #21
    Member
    Join Date
    Feb 2013
    Posts
    48

    Lightbulb Fixlist.txt log 6th installment

    2014-03-21 04:03 - 2014-03-21 04:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
    2014-03-21 04:03 - 2014-03-21 04:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-03-21 04:03 - 2014-03-21 04:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-03-21 04:02 - 2014-03-21 04:02 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-03-20 04:25 - 2009-07-14 10:49 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
    2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
    2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Portable Devices
    2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\DVD Maker
    2014-03-20 04:25 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2014-03-20 04:25 - 2009-07-14 05:37 - 00000000 ____D () C:\Program Files\Common Files\System
    2014-03-20 04:07 - 2009-07-14 05:05 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
    2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\SPReview
    2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\EventProviders
    2014-03-20 04:02 - 2014-03-20 04:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-19 23:54 - 2014-03-19 23:54 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Media Player Classic
    2014-03-19 18:28 - 2014-03-15 14:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-03-19 16:29 - 2014-03-16 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-03-19 16:29 - 2014-03-16 00:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-03-19 16:18 - 2014-03-16 00:29 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-03-19 16:17 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-03-16 11:35 - 2014-03-16 10:58 - 00000000 ____D () C:\ProgramData\AnySend
    2014-03-16 11:34 - 2014-03-16 10:58 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\AnySend
    2014-03-16 11:15 - 2014-03-16 10:56 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\sweet-page
    2014-03-16 11:04 - 2014-03-16 11:04 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-03-16 10:58 - 2014-03-16 10:31 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\DRPSu
    2014-03-16 10:54 - 2014-03-16 10:55 - 01492336 _____ (Drivers For Free) C:\Users\gokarna\Downloads\DFFDriverDownloadManager.exe
    2014-03-16 10:54 - 2014-03-16 10:54 - 00626056 _____ ( ) C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
    2014-03-16 10:36 - 2014-03-16 10:35 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
    2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera Software
    2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera
    2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
    2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Opera
    2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Chromium
    2014-03-16 10:31 - 2014-03-16 10:31 - 00000000 ____D () C:\Program Files\DIFX
    2014-03-16 10:31 - 2014-03-04 12:29 - 00017638 _____ () C:\Windows\DPINST.LOG
    2014-03-16 10:29 - 2014-03-16 10:27 - 06782358 _____ (Kuzyakov Artur) C:\Users\gokarna\Downloads\2694_LAN_Win7-64_Win7_7006_.exe
    2014-03-16 00:36 - 2014-03-16 00:36 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Macromedia
    2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee
    2014-03-16 00:24 - 2014-03-16 00:24 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-03-16 00:24 - 2014-03-15 15:22 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-03-15 21:41 - 2014-03-15 20:40 - 00000000 ____D () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls_files
    2014-03-15 21:25 - 2014-03-15 21:25 - 01069920 _____ (Solid State Networks) C:\Users\gokarna\Downloads\install_reader11_en_mssa_aaa_aih(1).exe
    2014-03-15 20:40 - 2014-03-15 20:40 - 00101217 _____ () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls.htm
    2014-03-15 18:38 - 2014-03-08 11:09 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Microsoft Games
    2014-03-15 15:38 - 2014-03-15 15:38 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
    2014-03-15 15:27 - 2009-07-14 05:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215512.backup
    2014-03-15 15:23 - 2014-03-15 15:23 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple Computer
    2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iTunes
    2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iPod
    2014-03-15 15:22 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple
    2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\ProgramData\Apple
    2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Bonjour
    2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Apple Software Update
    2014-03-15 14:39 - 2014-03-15 14:34 - 137699152 _____ (Apple Inc.) C:\Users\gokarna\Downloads\iTunesSetup.exe
    2014-03-15 14:33 - 2014-03-15 14:33 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license(1).exe
    2014-03-15 14:33 - 2014-03-15 14:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-03-15 14:08 - 2014-03-15 14:08 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-03-15 14:04 - 2014-03-15 14:04 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license.exe
    2014-03-15 12:33 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-03-15 10:37 - 2014-03-04 12:19 - 00109280 _____ () C:\Users\gokarna\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-15 08:33 - 2014-03-15 08:31 - 00003885 _____ () C:\Windows\IE9_main.log
    2014-03-13 09:00 - 2014-03-04 12:55 - 00000000 ____D () C:\Program Files\Beetel Connection Manager

    Some content of TEMP:
    ====================
    C:\Users\gokarna\AppData\Local\Temp\ose00000.exe
    C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe
    C:\Users\gokarna\AppData\Local\Temp\_is76F.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-09 08:51

    ==================== End Of Log ============================

    Hoping this reveals my Winload Money and Yandex problems

    Now moving on to safe mode JRT operation

  2. #22
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    After you run JRT, let me know by posting. I will have a fixlog for you to run after that.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #23
    Member
    Join Date
    Feb 2013
    Posts
    48

    Default JRT.txt

    Hello again Juliet,

    I followed the instruction for bringing up 'safe mode' went into it and downloaded the JRT program again. It seems to present no difference to the first time which You thought corrupted. Although you told me to expect it to be automatically saved on the desktop and I directed it so, nevertheless it did not and I had to make my own copy which I c and p here :

    ================================================================
    [ ]
    [ Junkware Removal Tool (JRT) by Thisisu ]
    [ Version 6.1.4 (04.06.2014:1) ]
    [ Information about this tool can be found at ]
    [ www.thisisudax.org ]
    [ ]
    [ ]
    [ Please save any work in your browsers before proceeding. ]
    [ Your desktop may temporarily disappear during this scan. ]
    [ A Windows Explorer window may also open. ]
    [ These actions are normal. Don't panic. ]
    [ ]
    [ ** DISCLAIMER ** ]
    [ ]
    [ This software is provided "as is" without ]
    [ warranty of any kind. You may use this software ]
    [ at your own risk. ]
    [ ]
    [ Click the [X] in the top-right corner of this window ]
    [ if you wish to exit. Otherwise, ]
    ================================================================

    Press any key to continue . . .

    Creating a registry backup
    Checking Startup
    Checking Modules

    A bad module has been detected!
    A reboot is required to remove modules.

    Press 'y' to reboot now
    Press 'n' to reboot later
    Reboot now? [y,n]

    I decided to do the reboot as when I asked you did not say not to. I hope I did right, also, that the result is that I will soon be out of this technical jungle.

    Yesterday I heard for the first time about the pernicious and prevalent malware 'Heartbleed' it sounds very ominous, could you advise me on how best to protect against it ?

    Thanking you very much as always, Wendy

    Wendy

  4. #24
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Yesterday I heard for the first time about the pernicious and prevalent malware 'Heartbleed' it sounds very ominous, could you advise me on how best to protect against it ?
    This enters through exploits and unpatched systems.

    Have you had an alert this is on your machine?
    http://support.emsisoft.com/topic/14...tbleed-threat/
    Heartbleed Threat


    Please delete the version of Farbar Recovery Scan Tool you have now the tool has been updated since you downloaded this one.
    Save it to your desktop.

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)

    Once you have the new one on desktop please download the file I will have attached to your desktop.(hope it works, if not I'll try again)

    Slide the file Fixlog next to the Farbar Recovery Scan Tool Icon.

    Run/Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Please post the logs when done and give me an update on how the computer is at the moment.
    Last edited by Juliet; 2014-04-13 at 23:24. Reason: added info #2
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #25
    Member
    Join Date
    Feb 2013
    Posts
    48

    Default Fixlog and FRST next to each other on desktop but .......

    Hi Juliet,

    I have deleted the old version of FRST and it is next to the fixlog on the desktop BUT when I open FRST and click fix it comes back with the message that the Fixlog and FRST need to be located in the same folder/place ??? Its a Huh ? moment - not what you expected to happen. So of course no log has been generated.

    So hoping you can get back to me soon although it is now the middle of the night in the USA where you are - I live in Turkey.

    Best regards, Wendy

  6. #26
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Did you delete the old version and download the updated?, plus save it to desktop?
    Can you see the Farbar Recovery Scan Tool Icon.....slide the fixlog you downloaded I saved in my earlier post next to it?, then open Farbar Recovery Scan Tool and click on fix?
    Last edited by Juliet; 2014-04-16 at 23:09.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #27
    Member
    Join Date
    Feb 2013
    Posts
    48

    Thumbs down Yes I did but.....

    .......didn't phrase my sentence properly so you could understand that, sorry about that. Yes I did delete the old copy of FRST and download it next to the Fixlog to the desktop and then run it. and the reult was as I said above the program complained that they were not in the same place as each other .

    Its getting to be quite a while (April 1st) since I first consulted this forum and have still got that high level infection Win32.Load Money although that annoying Yandex has gone. It has been that after running my Spybot purchase over my system that Win.32 would be detected and then once 'fixed' would disappear for a wee while however, this evening I ran the scan and t didn't 'fix' it until the second attempt.

    Btw I followed up the Heartbleed thing and acted as suggested by the Mashable site.

    Hoping you can soon get me disinfected, Wendy

  8. #28
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hoping you can soon get me disinfected
    I've honestly been trying to

    Next, Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
    If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

    Internet Explorer
    How to reset Internet Explorer settings
    http://support.microsoft.com/kb/923737

    Firefox
    Click on Help / Troubleshooting Information then click on the Reset Firefox button.

    Chrome
    Chrome - Reset browser settings
    https://support.google.com/chrome/answer/3296214?hl=en
    ~~~~~~~~~~~~~~~~~~~

    Download OTM by OldTimer Here & save it to your desktop.
    * Save it to your desktop.
    * Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    Code:
    :Files
    C:\Users\gokarna\AppData\Roaming\sweet-page
    C:\Users\gokarna\AppData\Local\Temp\ose00000.exe
    C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe
    C:\Users\gokarna\AppData\Local\Temp\_is76F.exe
    C:\Users\gokarna\AppData\Roaming\Yandex
    C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru 
    C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\searchplugins\yqs-barff-yandex.xml
    C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\vb@yandex.ru
    :Commands
    [emptytemp]
    [Reboot]


    * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    * Close OTM and reboot your PC.


    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    ~~~~~~~~~~~~~~~~~~~

    • Please download RogueKillerX64.exe and save to the desktop.
    • Close all windows and browsers
    • Right-click the program and select 'Run as Administrator'
    • Press the scan button.
    • A report opens on the desktop named - RKreport.txt
    • Please copy and past the results at pastebin.com and post the link to the log in your next reply.


    ~~~~~~~~~~~~~~~~~~~~

    If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
    Emergency Backup Procedure - Tech Support Forum

    Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

    How to use ComboFix

    Download ComboFix from here:
    Link 1
    Link 2
    Link 3

    Place ComboFix.exe on your Desktop <--Important
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
      Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
      ---------------------------------------------------------------------------------------------
    • If there are Internet issues after running ComboFix:
      Internet Explorer:
      Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
      Firefox:
      Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
      Chrome:
      Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
      Safari
      Launch Safari
      Go to general settings menu
      Then in Preferences/ Advanced
      Then on line click Proxies change settings ...
      Click Internet Options, then click the Connections tab, click Network Settings.
      Disable option (uncheck) for the use of proxy server ...



    Please post:
    OTM log
    RKreport.txt
    ComboFix.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #29
    Member
    Join Date
    Feb 2013
    Posts
    48

    Question Reset all browsers but....

    Hi Juliet,

    I do appreciate you are doing your best and that it is proving tricky.

    I have an hit an unexpected problem following your instructions :

    I reset all the browsers and then read through your instructions and then carried them out as far as downloading OTM, running it and copying and pasting into its window in the indicated places when suddenly,any warning everything except it disappeared and I couldn't go back to see what the next move was !

    So I shut down and rebooted the computer and re-opened this site. I then read ahead. As you go on to point out, I need to print out or copy your instructions in a notepad doc and place them on a external memory drive so as not to lose access to them if the computer has to go offline BUT I can't, I am unable to use the save function !! I planned to copy the notepad doc to my ex drive to refer to as I haven't got a printer.

    I will take a break now before I copy them out by hand and await your comments.

    Kind regards, Wendy

  10. #30
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Download Windows Repair (all in one) from http://www.bleepingcomputer.com/down...-one-portable/

    Install the program then run



    Go to step 3 and allow it to run SFC



    On the start repairs tab click start


    Select the following items and tick restart system when finished

    Reset Registry Permissions
    Reset File Permissions
    Register System Files
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Repair Hosts File
    Remove Policies Set By Infections
    Repair Missing Start menu Icons
    Repair Icons
    Repair Winsock & DNS Cache
    Remove Temp Files
    Repair Proxy Settings
    Unhide Non System Files
    Repair Windows Updates
    Set windows Services To Default
    Repair MSI (windows Installer)
    Repair File Associations
    Repair windows Safe mode

    After that come back and tell me if that has made a difference.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •