|
Post by nursedodie on Feb 28, 2015 18:40:34 GMT -8
Well in my haste I did download and move to desktop but wasn't thinking it would just put a shortcut.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 28, 2015 19:34:44 GMT -8
Press the + R Keys on your keyboard at the same time. Type notepad and click OK. Copy the entire content of the codebox below and paste into the notepad (Including start and end) start (Oracle Corporation) C:\Users\Mom\Downloads\chromeinstall-8u31.exe C:\Users\Mom\Downloads\chromeinstall-8u31.exe AppInit_DLLs-x32: c:/progra~3/{e9c20~1/171~1.0/faca.dll => c:\ProgramData\{E9C20101-B940-D087-08C6-A005D844738B}\1.7.1.0\faca.dll [649216 2015-01-17] () c:\ProgramData\{E9C20101-B940-D087-08C6-A005D844738B}\1.7.1.0\faca.dll BootExecute: autocheck autochk * sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION FF DefaultSearchEngine: Vosteran FF SelectedSearchEngine: Vosteran FF Homepage: hxxp://vosteran.com/?f=1&a=vst_cmi_15_03_ff&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0Bzy0AyB0ByD0BzytB0DzyyDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0AyB0FyBzz0EzytGtAyEyDyEtGyDyB0CtDtG0DtA0E0AtGtCtAyE0DyCzz0DtDtB0AtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyDtCyEyByCtCtG0FtC0CtCtGyEtCyCyDtGzy0BzytAtG0DyC0DzyyB0FyCzyzz0DtDtC2Q&cr=427983926&ir= FF Extension: PriceoLeess - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\Extensions\w54@ymRFb.com [2015-01-17] FF HKU\S-1-5-21-1763819868-3983550937-2236360535-1000\...\Firefox\Extensions: [{E2339FAF-7AF6-F9C1-62C8-8D4C95CBE173}] - C:\Program Files (x86)\ver4SpeedCheck\185.xpi FF Extension: No Name - C:\Program Files (x86)\ver4SpeedCheck\185.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X] S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X] S0 xmng; System32\drivers\mhdnch.sys [X] R2 8aed4564; c:\Program Files (x86)\PragmaRunner\PragmaRunner.dll [1634304 2015-02-05] () [File not signed] Hosts: Task: {0D4C955B-407D-4CB6-A5D0-9E0058CDD1AB} - \GeniusBox No Task File <==== ATTENTION Task: {505019C4-1005-42EE-9B7C-07215EA6FEE6} - System32\Tasks\CleanerPro_Start => C:\Program Files (x86)\Cleaner Pro\CleanerPro.exe C:\Program Files (x86)\Cleaner Pro\CleanerPro.exe Task: {76D2914F-C1CC-44B3-B269-C8D2A94D089D} - \ITECIR Filter Application for RCMM No Task File <==== ATTENTION Task: {8B743F7C-4A1B-40D3-A793-643A5F08DD53} - System32\Tasks\CleanerPro_Popup => C:\Program Files (x86)\Cleaner Pro\Splash.exe C:\Program Files (x86)\Cleaner Pro\Splash.exe Task: {97597E7C-FE59-4AF6-85C9-782ACBC12C6E} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION Task: {BA99A51E-F56C-4639-8550-1C166E760B54} - \avaxvxvcxe No Task File <==== ATTENTION Task: {ED73FA88-FF9B-4AB4-B500-3BF49637933B} - System32\Tasks\Check Updates => C:\Users\Mom\AppData\Local\GeniusBox\updater.exe C:\Users\Mom\AppData\Local\GeniusBox\updater.exe Task: {FCF0367B-048C-461B-9131-4EFAC25E5259} - System32\Tasks\Validate Installation => C:\Users\Mom\AppData\Local\GeniusBox\updater.exe c:\Program Files (x86)\PragmaRunner\PragmaRunner.dll c:\Program Files (x86)\PragmaRunner Reboot: end Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name. Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File). Press the button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here Quads
|
|
|
Post by nursedodie on Feb 28, 2015 19:50:09 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 28, 2015 19:55:25 GMT -8
Read carefully
Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ on to your desktop The Blue Download Now @bleeping Computer button and run a scan ( Scan Button). It will create a log after. Or there is a Report button, ONE SCAN ONLY
Attach or paste the log back here Quads
|
|
|
Post by nursedodie on Feb 28, 2015 20:04:55 GMT -8
[URL=http://wikisend.com/download/751364/AdwCleaner[R0].txt]AdwCleaner[R0].txt[/URL]
|
|
|
Post by nursedodie on Feb 28, 2015 20:06:52 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 28, 2015 20:09:41 GMT -8
a) Click the Scan Button and wait for the scan to finish,. (already done if Adwcleaner is left pending) b) Make sure all of the items under each TAB are to be ticked. c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.[/span] d) It should create a new log afterwards (with S0 in the name). Here is a Screenshot example Quads
|
|
|
Post by nursedodie on Feb 28, 2015 20:20:40 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 28, 2015 20:31:52 GMT -8
Now your system should have freed up now??
Quads
|
|
|
Post by nursedodie on Feb 28, 2015 20:38:14 GMT -8
Is this normal? All these chrome processes running? I have killed them many times prior to today but they keep coming back. Attachments:
|
|