Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About metaed

  • Rank

Profile Information

  • Gender
    Not Telling
  • Location
  1. Thank you for all your help. I am returning the PC to the user in much better condition than it was when I came to you for help.
  2. Results: Scan_160811-165749.txt I am seeing one issue possibly related to the infection. According to the Security and Maintenance control panel, Windows Defender is configured as real-time virus protection and is turned off. I cannot turn it on, and cannot run Windows Defender: "This app is turned off by group policy." From my reading, I can turn it on at registry key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" by deleting the value named "DisableAntiSpyware". Do you agree this is the correct action to take? I agree perfectly with your advice to the user.
  3. Results: Fixlog.txt FRST.txt Addition.txt As for how it is working: The popups are gone. I have done some simple things, such as open a browser. If you feel the PC is ready, I will return it to the user and wait to see if she finds anything unusual. I have some final steps to take, bearing in mind the PC was infected by a child who learned his mother's password: - check virus protection, firewall, and automatic update settings - move administrator level access to a separate user profile - put new strong passwords on all user profiles - add screen saver with password protect
  4. I created fixlist.txt, ran a Fix on the infected PC, and rebooted. Fixlog.txt (Just FYI, the reboot triggered Windows Update, because the messages "Getting Windows ready" and "Working on updates" came up and the system rebooted twice. So there have been some Windows fixes just installed.) After the update I re-ran RST64 with the "addition.txt" option checked. FRST.txt Addition.txt
  5. The link that I am trying to download from has title attribute "Download attachment" and href attribute "http://support.emsisoft.com/index.php?app=core&module=attach&section=attach&attach_id=54917". Apparently the attachment is private, because I cannot click to download, nor can I right-click and "save as" to download. Both give me a message that I am not permitted to access the attachment. Here are screenshots showing the link I am using, the left-click results, and the right-click results.
  6. The problem is occurring on a clean computer. Right click and "save as" offers to save the file index.php. The browser reports "Failed - Forbidden".
  7. Getting a message from this website "You do not have permission to view this attachment" when I try to download and save fixlist.txt. How do I recover?
  8. Thank you for your kind welcome. Same as before, FRST posted errors and failed to update. Then it allowed me to perform the search you requested. Search.txt is enclosed.
  9. This Windows 10 Home PC was brought to me because of popup ads. Prior to being directed to the forum, I ran MBAM and quarantined about 1,100 objects, and ran EEK and quarantined 56 objects. These runs were in Safe Mode because the PC would not install software when booted normally. EEK reported "The following objects were not removed for your own safety: C:\WINDOWS\SYSTEM32\DNSAPI.dll C:\WINDOWS\SysWOW64\dnsapi.dll" At this point I stopped, found the forum, and followed the directions in START HERE. 1. Booted in Normal mode. 2. Ran EEK from C:\EEK, Update, Malware Scan, scan on
  • Create New...