Jump to content

Gadzoox

Member
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Cool! I'm removing 'PC-Doctor' & taking my chances from there. By the way, found by running linux Mint, could still use Thunderbird for email, bypassing windows. I might switch over. Thanx for all!
  2. Thx for responding Kevin ! Haha, should see how many windows I had open. I ran AdwCleaner, no blood ...see file. I ran JRT, not except... repaired some reg values, &... ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\pcdr OK, I see others reporting pcdr as a problem, e.g. http://en.community.dell.com/support-forums/software-os/f/3524/t/19362805 (reports getting from a mal webpage) http://www.bleepingcomputer.com/forums/t/533167/pcdr-folder-with-virus-keeps-coming-back/ So far, my C:\ProgramData\pcdr not returned. Otherwise no prob's, I never install toolbars etc., & at least try being careful, ha. So I dunno, thanx indeed, any next steps ? Cheers Gadz PS: Hold the phone, just saw this in my prog-files: C:\Program Files\PC-Doctor\ ... (pcdr.ini, etc.) >> seems Lenovo used to include this, then switched. Blame it on them. I can use Revo uninstaller, unless you have a better suggest ? ~ Gadz AdwCleanerS0.txt JRT.txt
  3. Hi Emisoft, esp. Kevin Zoll, I'm a PC user with a potential malware Q, which shares a loopback address mentioned in one of your malware-fixes online, this past week. http://support.emsisoft.com/topic/17265-high-ram-usage/ Could I briefly ask about best steps / tactics? >> My story: Windows 7, Lenovo Thinkpad. I was recently running Lenovo update, which said "unable to connect to the proxy server". Looking at my Internet settings (IE), >> LAN settings, under 'Automatic Configuration': + Automatically detect settings. (was Checked, as usual for Earthlink / Time-Warner). + 'Use automatic configuration' script, was checked, with this localhost loopback: http://127.0.0.1:8445/okf.pac >> I just saw, you advised a fix for removing this same address, on your post cited above. So yesterday, I removed this loopback, unchecked 'Use automatic configuration', & closed Internet settings. When I reopened IE settings, 'automatic config. script' was still unchecked, but the loopback address was still there, greyed out. I searched my registry for this address, found the loopback in three entries at these keys: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies I backed up registry & deleted all 3. However, that loopback remains in my IE settings, albeit greyed-out, as long as 'automatic config. script' is unchecked. >> So far as I know, it loops back to a proxy port on my LAN server. I almost never use IE, prefer Firefox, so no idea how long its been this way. I infrequently use, & still have installed two VPN's: OkayFreedom & Cyberghost. These VPN seem fairly mainstream, & I found no complaints they do this kinda thing. So I feared malware. As per yr recommends, I ran these anti-malwares, tho nothing came up, except some IE 'ProxyEnable' Registry items (I can likely change those): 1) CCleaner, (excluding windows logs). 2) M$ Malicious software removal, reports nothing. 3) Malwarebytes' Anti-Malware, reports nothing... see log, (AMWB.txt). 4) OTL, see logs (2). 5) Emisoft EEK, smart-scan, see log (a2scan_150515-143323.txt) 6) FRST64, see logs (2). I attach six (6) logs here. Finally, I had purchased this laptop last fall from a (reputable) refurbisher, who said he reconstituted Windows from the 'Lenovo Recovery' partition. Well, maybe this is a standard in Lenovo's special sauce. Can I briefly ask 4 you suggestion ? ~ Regards, Gadzoox AMWB.txt OTL.Txt Extras.Txt a2scan_150515-143323.txt FRST.txt Addition.txt
×
×
  • Create New...