|
Post by nursedodie on Feb 28, 2015 20:45:59 GMT -8
Nevermind Apparently this is normal, from reading up on chrome. Thank you so much for your time, I really appreciate it!
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Feb 28, 2015 20:49:19 GMT -8
Yes that is Normal On with step 4, Complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.
Please download Online Scanner and save it to your Desktop. Start with administartor privileges. Select the option Yes, and click on . Choose the following settings: NO!! for Remove found threats (reason for this is we don't want something deleted and then Windows won't load). Click on Start. The virus signature database will begin to download. This may take some time. When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats)Now click on Finish Quads
|
|
|
Post by nursedodie on Mar 1, 2015 17:31:05 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 1, 2015 18:18:02 GMT -8
Press the + R Keys on your keyboard at the same time. Type notepad and click OK. Copy the entire content of the codebox below and paste into the notepad (Including start and end) start C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu\content\zy6g5sPWF.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\h@HOVWIgq.net\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\h@HOVWIgq.net C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com\content\dY.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\WBdAPTGtM@jZ.edu\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\WBdAPTGtM@jZ.edu end Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name. Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File). Press the button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here Quads
|
|
|
Post by nursedodie on Mar 1, 2015 18:26:26 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015 Ran by Mom at 2015-03-01 20:24:47 Run:2 Running from C:\Users\Mom\Desktop Loaded Profiles: Mom (Available profiles: Mom) Boot Mode: Normal ==============================================
Content of fixlist: ***************** start C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu\content\zy6g5sPWF.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\h@HOVWIgq.net\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\h@HOVWIgq.net C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com\content\dY.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\WBdAPTGtM@jZ.edu\content\bg.js C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\WBdAPTGtM@jZ.edu end *****************
C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu\content\bg.js => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu\content\zy6g5sPWF.js => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\dyub@3.edu => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\h@HOVWIgq.net\content\bg.js => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\h@HOVWIgq.net => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com\content\bg.js => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com\content\dY.js => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\rCHEcSlFW@S.com => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\WBdAPTGtM@jZ.edu\content\bg.js => Moved successfully. C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\n4gd5o4q.default\extensions\staged\WBdAPTGtM@jZ.edu => Moved successfully.
==== End of Fixlog 20:24:47 ====
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 1, 2015 18:28:24 GMT -8
Tools and Quarantines we used to be removed Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/Double-click to run the program; Note: Windows Vista/7/8 users right-click and choose Run as administratorMake sure the Remove Disinfection tools is ticked / selected in the list Click RunA log will be opened after the operation is finished Copy and Paste it in your next reply Quads
|
|
|
Post by nursedodie on Mar 1, 2015 18:38:54 GMT -8
# DelFix v10.9 - Logfile created 01/03/2015 at 20:37:49 # Updated 27/02/2015 by Xplode # Username : Mom - MOM-PC # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\Users\Mom\Desktop\Addition.txt Deleted : C:\Users\Mom\Desktop\AdwCleaner.exe Deleted : C:\Users\Mom\Desktop\AdwCleaner[R0].txt Deleted : C:\Users\Mom\Desktop\AdwCleaner[S0].txt Deleted : C:\Users\Mom\Desktop\esetsmartinstaller_enu.exe Deleted : C:\Users\Mom\Desktop\Fixlog.txt Deleted : C:\Users\Mom\Desktop\FRST.txt Deleted : C:\Users\Mom\Desktop\FRST64 (1).exe Deleted : C:\Users\Mom\Desktop\FRST64 - Shortcut.lnk Deleted : C:\Users\Mom\Downloads\Addition.txt Deleted : C:\Users\Mom\Downloads\FRST.txt Deleted : C:\Users\Mom\Downloads\FRST64.exe Deleted : HKLM\SOFTWARE\AdwCleaner
########## - EOF - ##########
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Mar 1, 2015 18:43:48 GMT -8
You are free to go on your merry way. You are now fixed / Solved.
Quads
|
|
|
Post by nursedodie on Mar 1, 2015 18:47:43 GMT -8
thank you thank you
|
|