[DonnaB]

I'll be here..

[Advertisements]

FIXLOG

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Chilson at 2014-11-11 18:54:42 Run:2
Running from C:\Users\Chilson\Desktop\AAA FRST2
Loaded Profile: Chilson (Available profiles: Chilson & avery)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\iDeals Shopping Optimizer\ideals-shopping-optimizer.xpi
CHR HKLM\...\Chrome\Extension: [ekiinghkbmjmlcladgkjbkodgplhdphp] - C:\Program Files\iDeals Shopping Optimizer\chrome-powl-deals.crx []
2014-11-01 19:29 - 2014-11-06 15:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
C:\Users\Chilson\AppData\Local\temp\dllnt_dump.dll
C:\Users\Chilson\AppData\Local\temp\Quarantine.exe
C:\Users\Chilson\AppData\Local\temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\TEMP:38020A20
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
*****************

HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ekiinghkbmjmlcladgkjbkodgplhdphp" => Key deleted successfully.
"C:\Program Files\iDeals Shopping Optimizer\chrome-powl-deals.crx" => File/Directory not found.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\Chilson\AppData\Local\temp\dllnt_dump.dll => Moved successfully.
C:\Users\Chilson\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Chilson\AppData\Local\temp\sqlite3.dll => Moved successfully.
C:\ProgramData\TEMP => ":38020A20" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

[The_Omni]

FIXLOG

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Chilson at 2014-11-11 18:54:42 Run:2
Running from C:\Users\Chilson\Desktop\AAA FRST2
Loaded Profile: Chilson (Available profiles: Chilson & avery)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\iDeals Shopping Optimizer\ideals-shopping-optimizer.xpi
CHR HKLM\...\Chrome\Extension: [ekiinghkbmjmlcladgkjbkodgplhdphp] - C:\Program Files\iDeals Shopping Optimizer\chrome-powl-deals.crx []
2014-11-01 19:29 - 2014-11-06 15:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
C:\Users\Chilson\AppData\Local\temp\dllnt_dump.dll
C:\Users\Chilson\AppData\Local\temp\Quarantine.exe
C:\Users\Chilson\AppData\Local\temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\TEMP:38020A20
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
*****************

HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ekiinghkbmjmlcladgkjbkodgplhdphp" => Key deleted successfully.
"C:\Program Files\iDeals Shopping Optimizer\chrome-powl-deals.crx" => File/Directory not found.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\Chilson\AppData\Local\temp\dllnt_dump.dll => Moved successfully.
C:\Users\Chilson\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Chilson\AppData\Local\temp\sqlite3.dll => Moved successfully.
C:\ProgramData\TEMP => ":38020A20" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

[DonnaB]

Perfect! Now, boot the computer and connect to the internet and let me know the results.

We will need to connect the problem computer to run the ESET scan on it.

[The_Omni]

OK posting from the infected computer now.  So far so good.  Observing a coule of things, Neither Firefox or Chrome are showing installed on the computer.  I have had to relog into this site on each post.  Other than that it seems much better.

 

Woring on ESET now

[DonnaB]

OK posting from the infected computer now. So far so good.

Great!
 

Neither Firefox or Chrome are showing installed on the computer.

Go to Start > Control Panel > Programs and Features. They should be located there as being installed. You may have to go the following locations, right click on the executable(s) and send a shortcut to the task bar or desktop.

Start > Computer > Local Disk C: > Program Files > Mozilla Firefox > firefox.exe

Start > Computer > Local Disk C: > Program Files > Google > Chrome > Application > chrome.exe

No need to do it now though, if you have started the ESET scan. If they are not located in the Programs and Features found in the Control Panel they can always be re-installed.

As for having to relog into the site, you should see an option to stay logged in, Remember Me or something similar on the log in screen. Just place a checkmark in the box and you should stay logged in when you re-enter the site unless you click on Sign Out.

[The_Omni]

Just a heads up, I am fighting with McAfee antivirus plus, it won't completely shutdown,  the instructions on that page referenced don't cover it.  I am trying a msconfig diagnostic reboot now.

[DonnaB]

Ah... Try the following in the links, if needed:

http://www.wikihow.com/Disable-McAfee

Here's a link to the McAfee site. See the second post by Dinz for instructions:

https://community.mc.../43708?tstart=0

[The_Omni]

Ok I give, short of deinstall McAfee I dont know how to completely stop it

[DonnaB]

Did you try the instructions in one of the links I provided above?

Does the owner of the computer have the product license handy so we can uninstall, then re-install? If not, Magical Jelly Bean Keyfinder might be able to find it. I know it will find the product key for the OS, MS word and other paid for software. Worth a try!!

[The_Omni]

ok uninstalling, hate to do it as she has a paid subscription and I don't have he mcafee details to reload it

[The_Omni]

Yeah I had already tried all the things mentioned in those instructions, plus a few others, uninstalling now,  I will deal with her when it comes time, besides that product really s&%%^ks or she wouldnt be in this fix to start with, right?

[The_Omni]

Sorry if I sound irritated just a lot going on here, and McAfee got on my nerves 

[The_Omni]

Is there any way to tell if the scanner is working?  I didn't get a start button or a measure of progress?

[DonnaB]

besides that product really s&%%^ks or she wouldnt be in this fix to start with, right?

I have never been a big fan of McAfee or Norton myself, so I have to agree with you on that.

Sorry if I sound irritated just a lot going on here, and McAfee got on my nerves

No apologies necessary! I can only imagine what you are going through! I help many elderlies at a local hi-rise in my town. Many think that their browser is the internet and not a conduit to access the internet. It's not easy helping those who do not understand the technology.

Is there any way to tell if the scanner is working? I didn't get a start button or a measure of progress?

Did you get the option to click YES, and then click on I accept the Terms of Use, etc., etc.?

[The_Omni]

Here is what I see

Attached Thumbnails

•