|
Post by jhujaejyt on Apr 21, 2015 0:37:28 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 21, 2015 11:13:58 GMT -8
Is is a Business system / Workstation, just by the way game files are policied to not allow to run??
Quads
|
|
|
Post by jhujaejyt on Apr 21, 2015 21:31:19 GMT -8
Quads,
Yes.
Also, video links and some Sites are blocked.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 21, 2015 21:43:03 GMT -8
Press the + R Keys on your keyboard at the same time. Type notepad and click OK. Copy the entire content of the codebox below and paste into the notepad (Including start and end) start HKLM-x32\...\Run: [] => [X] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: WhioteOffersApP -> {e84dcdd1-aec9-4603-ab09-2394df47e16e} -> C:\Program Files (x86)\WhioteOffersApP\pECqjDIXTYaUbJ.x64.dll [2015-04-12] () BHO-x32: WhioteOffersApP -> {e84dcdd1-aec9-4603-ab09-2394df47e16e} -> C:\Program Files (x86)\WhioteOffersApP\pECqjDIXTYaUbJ.dll [2015-04-12] () Toolbar: HKU\S-1-5-21-2327794469-1620323118-2559063464-2249 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File C:\Program Files (x86)\WhioteOffersApP CHR Extension: (WhioteOffersApP) - C:\Users\alopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\beeljjnbgepelmdlamoohibejfjoodbp [2015-04-12] 2015-04-13 09:36 - 2015-04-13 10:23 - 00000000 ____D () C:\Program Files (x86)\SalePPllus 2015-04-12 16:17 - 2015-04-12 16:24 - 00000000 ____D () C:\AdwCleaner 2015-04-12 08:49 - 2015-04-12 08:56 - 00000000 ____D () C:\Program Files (x86)\Redirect Path 2015-04-12 08:48 - 2015-04-12 08:56 - 00000000 ____D () C:\Program Files (x86)\BroowwsiNgClEaroly 2015-04-12 08:48 - 2015-04-12 08:48 - 00000000 ____D () C:\Program Files (x86)\WhioteOffersApP 2015-04-12 08:48 - 2015-04-12 08:48 - 00000000 ____D () C:\Program Files (x86)\ActiveDeals 2015-02-06 08:26 - 2015-04-19 09:02 - 0000020 _____ () C:\Users\alopez\AppData\Roaming\appdataFr3.bin C:\Users\Administrator\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.5.65301.exe C:\Users\Administrator\AppData\Local\Temp\bdg825E.exe C:\Users\Administrator\AppData\Local\Temp\Setup.exe C:\Users\alopez\AppData\Local\Temp\HitmanPro.exe Reboot: end Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name. Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File). Press the button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here Quads
|
|
|
Post by jhujaejyt on Apr 21, 2015 22:12:10 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 21, 2015 22:24:41 GMT -8
Busy dealing with 2 users,
1) who did not take note of the guidelines and is now tying to teah me how to do things
and a user (2 profiles) trying the luck that way after ignoring the guidelines blatantly and still think they are smarter.
Is it just Google Chrome that has the problem now??
Quads
|
|
|
Post by jhujaejyt on Apr 21, 2015 22:58:54 GMT -8
Quads,
Thank you very much.
My browsing is way much better now, unlike before that it always crashes or freezes.
I think my IE has no more issue.
For my Chrome, I got this ad that pops-up when clicking a link from a homepage though the intended link opens this ad also opens.
And, I still have this "System Infected: Fake Plug-in Activity 2 Detected" popping out once in a while, though unlike before that it comes out whenever I launch a browser.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 21, 2015 23:06:47 GMT -8
Chrome is different in how it works with this compared to IE and Firefox and thus is dealt with differently,
Does anyone use the Google Account to sign into on that system??
Quads
|
|
|
Post by jhujaejyt on Apr 21, 2015 23:13:42 GMT -8
Quads,
Yes. Our company email is synch with the Google Account, I always need to sign-in to my google account to access my emails, and I think also to access our network.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 21, 2015 23:20:58 GMT -8
The trouble is if you have the Chrome sync turned on as that saves the browser data to be synced back if it goes missing even if it is a bad extension or bad data I investigated one more entry, It won't fix the Dev problem with Chrome yet Press the + R Keys on your keyboard at the same time. Type notepad and click OK. Copy the entire content of the codebox below and paste into the notepad (Including start and end) start CHR Extension: (Redirect Path) - C:\Users\alopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll [2015-04-12] CHR Extension: (Shorter Google URLs) - C:\Users\alopez\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpjmhibanjbicehodjphiofpdpllahpm [2015-04-13] end Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name. Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File). Press the button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here Quads
|
|