Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Removal of virus has blocked internet. PLEASE PLEASE HELP

23 Jun 2015   #91
ChronicX

Windows 7 Home Premium 64
 
 

Here is the latest SysLook report.




Attached Files
File Type: txt SystemLook.txt (2.7 KB, 6 views)
My System SpecsSystem Spec
.
23 Jun 2015   #92
cottonball

Windows 7 Home Premium
 
 

Let's give this a whirl...

Please open Notepad and paste the following text to it:

Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Dyn\Installed]
"PureLeads"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\PureLeads]
In Notepad, click File > Save as...
Save the file to the Desktop
File name: PLfix2.reg
Make sure the Save as Type field says: All Files
Next, please go to the Desktop and double-click on PLfix2.reg
Click Yes to merge it in the Registry.

Now, please go back to Control Panel > Folder Options
Select: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files

Please search for and remove the following folder:
C:\Program Files (x86)\PureLead

The following files:
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\plsapp64.lnk

...and let's see if we can remove this one:
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\plsapp64.dll

But, you need to open a Command Prompt as Administrator

At the Command Prompt:
Type: CD \

At the C:\ prompt, copy/paste with mouse:
takeown /f "C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\plsapp64.dll"

Now, run the cacls command to give yourself full control rights to the file:
cacls "C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\plsapp64.dll" /G user:F

The last part of the command needs the user name. I think in your case it is user??

When done, use SystemLook once gain, and provide the results.
My System SpecsSystem Spec
23 Jun 2015   #93
ChronicX

Windows 7 Home Premium 64
 
 

When I tried to merge, this is what popped up.


Attached Thumbnails
Removal of virus has blocked internet. PLEASE PLEASE HELP-plfixnotify.png  
My System SpecsSystem Spec
.

23 Jun 2015   #94
ChronicX

Windows 7 Home Premium 64
 
 

The only one of those files I could find was the last one. The other ones were not able to be located by Windows or manually.


Attached Thumbnails
Removal of virus has blocked internet. PLEASE PLEASE HELP-cmdfinish.png  
My System SpecsSystem Spec
23 Jun 2015   #95
ChronicX

Windows 7 Home Premium 64
 
 

Image of file directory and latest syslook results.


Attached Thumbnails
Removal of virus has blocked internet. PLEASE PLEASE HELP-dirpic.png  
My System SpecsSystem Spec
23 Jun 2015   #96
cottonball

Windows 7 Home Premium
 
 

Oooops!!

Code:
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Dyn\Installed]
"PureLeads"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\PureLeads]
Brains are dense today! Sorry for the goof!!


Quote:
The only one of those files I could find was the last one.
Which file did you find and remove?

Please use SystemLook once again, after doing the Registry merge above.

Thanks!
My System SpecsSystem Spec
23 Jun 2015   #97
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

@ ChronicX, we see you have run Combofix..... can you find and post the log from
C:\Qoobox combofix.txt? please. Just copy and paste it in your next reply.
My System SpecsSystem Spec
24 Jun 2015   #98
ChronicX

Windows 7 Home Premium 64
 
 

Hey, Cotton, sorry for the silence, real life always gets in the way. I will run the tests now. The image is of the path of the file I thought I'd deleted but as you can see it is still there. I manually deleted it but it's a sticky one apparently. The other files just were flat not located. Hope you are having a great day!


Attached Thumbnails
Removal of virus has blocked internet. PLEASE PLEASE HELP-dirimage.png  
My System SpecsSystem Spec
24 Jun 2015   #99
ChronicX

Windows 7 Home Premium 64
 
 

Latest Combofix report.


Attached Files
File Type: txt recentcf.txt (24.2 KB, 5 views)
My System SpecsSystem Spec
24 Jun 2015   #100
cottonball

Windows 7 Home Premium
 
 

Hello, CX!

Heading for a Doctor's appt. and a few other things in a few minutes, so, will get back here later.

Please post some new results for SystemLook when you are done.

Please, do copy and paste them right on this thread, vs. attaching the results. Will be using my tablet while waiting, and it is easier to just look at the results on the tablet.

Thanks!
My System SpecsSystem Spec
Reply

 Removal of virus has blocked internet. PLEASE PLEASE HELP




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
help with possible virus removal?
I thought there was a section here, that gave details on what to submit here, in order for a professional from within to examine the content and then give further instruction. Is it still here, or is it gone? I looked under security. Hmm, I'm missing something...Thx, DM
System Security
Virus Removal
Just bought a laptop pretty decently priced even with the virus problem. I am just having problems getting rid of this one. It has content explorer which sets up proxy so after disabling it i can not get on net to install removal sofware. It has wb.exe, pc health, a password viewer, scorpion...
System Security
Want ideas for Virus removal if virus shows up in safemode CMD
Hi, Looking for general ideas on how everyone else handles a strong virus. If the virus is showing up in Windows regular mode, it opens in safemode and opens in safmode with command prompt. Besides the usual such as boot to repair mode and use system restore, dock hard drive to another pc and...
System Security
Virus Removal
My Microsoft Security Essentials keeps alerting me to something called: Name: Exploit:HTML/IframeRef.gen Alert Level: Severe I click remove but sometime later the message pops up again saying to remove. I have clicked remove quite enough times now but still the pop-up appears. I have also...
System Security
no internet after virus removal
I removed a virus from my friends e machine net book a week or so ago it was the system tool 2012 virus.it was removed fully and have checked this via AV and malwarebytes etc.but since then the internet always finds wifif points and connects but always says limited connection.problem is he lost his...
Network & Sharing
After Virus Removal
After virus removal, this message has been popping up every time I start the computer. What do I do to restore these two DLL files? Startup repair has done nothing and I don't want to system restore because I just installed tons of drivers.
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:04.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App