[zep516]

OK,

Did you reset Chrome if not do so..

Please do this one more time, need to make sure it's right. Unless you can find the fixlog.txt on your desktop post it.

A few items to fix;
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
S3 TDKLIB; \??\C:\Users\Genna\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
2015-08-16 10:19 - 2014-11-16 12:43 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieBrowserModeList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieUserList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieSiteList
Task: {09724424-73E9-4985-AAF7-BABC1866DB36} - \DonutQuotes -> No File <==== ATTENTION
Task: {D11679FE-9AB7-4EBC-A6BC-DFBAEE673882} - System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll
C:\Program Files (x86)\donutleads
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\HRZHEL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Genna\AppData\Roaming\QCARYUG
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\SWGXET
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state OFF
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
 

[Advertisements]

Is this it?

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Genna (2015-08-16 19:30:25) Run:2
Running from C:\Users\Genna\Desktop
Loaded Profiles: Genna & UpdatusUser (Available Profiles: Genna & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
S3 TDKLIB; \??\C:\Users\Genna\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
2015-08-16 10:19 - 2014-11-16 12:43 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieBrowserModeList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieUserList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieSiteList
Task: {09724424-73E9-4985-AAF7-BABC1866DB36} - \DonutQuotes -> No File <==== ATTENTION
Task: {D11679FE-9AB7-4EBC-A6BC-DFBAEE673882} - System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll
C:\Program Files (x86)\donutleads
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\HRZHEL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Genna\AppData\Roaming\QCARYUG
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\SWGXET
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state OFF
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
TDKLIB => service removed successfully
C:\Users\Genna\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Genna\AppData\Local\EmieUserList => moved successfully.
C:\Users\Genna\AppData\Local\EmieSiteList => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09724424-73E9-4985-AAF7-BABC1866DB36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09724424-73E9-4985-AAF7-BABC1866DB36}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11679FE-9AB7-4EBC-A6BC-DFBAEE673882}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11679FE-9AB7-4EBC-A6BC-DFBAEE673882}" => key removed successfully
C:\WINDOWS\System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D}" => key removed successfully
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll => moved successfully.
"C:\Program Files (x86)\donutleads" => File/Folder not found.
C:\Users\Genna\SkyDrive => ":ms-properties" ADS removed successfully.
C:\Users\Genna\AppData\Roaming\HRZHEL => moved successfully.
C:\Users\Genna\AppData\Roaming\QCARYUG => moved successfully.
C:\Users\Genna\AppData\Roaming\SWGXET => moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state OFF =========

Ok.

========= End of CMD: =========

EmptyTemp: => 434.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 19:32:29 ====

[growley]

Is this it?

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Genna (2015-08-16 19:30:25) Run:2
Running from C:\Users\Genna\Desktop
Loaded Profiles: Genna & UpdatusUser (Available Profiles: Genna & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-615137952-235082984-2108559562-1004] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
S3 TDKLIB; \??\C:\Users\Genna\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]
2015-08-16 10:19 - 2014-11-16 12:43 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieBrowserModeList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieUserList
2015-08-16 10:19 - 2014-04-30 18:21 - 00000000 __SHD C:\Users\Genna\AppData\Local\EmieSiteList
Task: {09724424-73E9-4985-AAF7-BABC1866DB36} - \DonutQuotes -> No File <==== ATTENTION
Task: {D11679FE-9AB7-4EBC-A6BC-DFBAEE673882} - System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => pcalua.exe -a "C:\Program Files (x86)\donutleads\uninstall.exe"
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll
C:\Program Files (x86)\donutleads
AlternateDataStreams: C:\Users\Genna\SkyDrive:ms-properties
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\HRZHEL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Genna\AppData\Roaming\QCARYUG
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Genna\AppData\Roaming\SWGXET
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state OFF
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
TDKLIB => service removed successfully
C:\Users\Genna\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Genna\AppData\Local\EmieUserList => moved successfully.
C:\Users\Genna\AppData\Local\EmieSiteList => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09724424-73E9-4985-AAF7-BABC1866DB36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09724424-73E9-4985-AAF7-BABC1866DB36}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11679FE-9AB7-4EBC-A6BC-DFBAEE673882}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11679FE-9AB7-4EBC-A6BC-DFBAEE673882}" => key removed successfully
C:\WINDOWS\System32\Tasks\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7EF4D32A-28FA-4CF4-8B23-FAB223BBA47D}" => key removed successfully
C:\Users\Genna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptcy0dd.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna2660324884185932600.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna2968711618457328810.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\jna8485977506312132074.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll => moved successfully.
C:\Users\Genna\AppData\Local\Temp\sqlite3.dll => moved successfully.
"C:\Program Files (x86)\donutleads" => File/Folder not found.
C:\Users\Genna\SkyDrive => ":ms-properties" ADS removed successfully.
C:\Users\Genna\AppData\Roaming\HRZHEL => moved successfully.
C:\Users\Genna\AppData\Roaming\QCARYUG => moved successfully.
C:\Users\Genna\AppData\Roaming\SWGXET => moved successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state OFF =========

Ok.

========= End of CMD: =========

EmptyTemp: => 434.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 19:32:29 ====

[growley]

Norton removed FRST64, there is another folder on desktop FRST-older version, I tried that but it went through everything and said no fixlist found

Do I need to disable Norton again and re-download FRST?

[zep516]

Yes that is it.. Good work !

You don't need to do anything. The last log is all I wanted for now.

[zep516]

How are things now any better ?

[growley]

Much better than before, but when using internet explorer many webpages end up not responding, does not seem to happen in Chrome.

I need to figure out how to route through Chrome again because right now all my desktop shortcuts go through internet explorer, and most of my 'world' is in Google.

[zep516]

I would,

Reset Internet Explorer settings.

To do that
See Here. On that page, Look under the topic "Reset Internet Explorer settings"
 
Have to call it a nite.
Let me know how things are after that.

Thanks
Joe

[growley]

Things are so much better, how much crap was on here and where did it come from?

Got a pop up notification from Norton: Chrome Protection Alert

The Norton Chrome extensions are not enabled. Install these extensions to protect your device and your identity when you surf with Chrome.

Do I want this?

[zep516]

Hello,

Lots of stuff was on there that Anti Virus programs don't necessarily detect. Most of the adware comes from downloading, especially video players, pc optimizers and the like.

Norton Chrome extensions are not enabled.

One of those extensions is probably;
Norton safe search, that may change your default search in Chrome to "Norton Safe search" Norton Safe Search uses Ask.com

Personally I would not use the extensions.

Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

[growley]

 Results of screen317's Security Check version 1.007  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Norton Security Suite   

Windows Defender        

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 18.0.0.232  

 Google Chrome (44.0.2403.155) 

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

[zep516]

Hello,

Everything is as it should be. If there are no further issue we can now remove the programs and log files that were downloaded and created using Dellfix.

Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run.
• The program will run for a few seconds and display a notepad report.
  Paste it for my review.

[growley]

that link brought me to the weird sign in page 'Piwik'

[zep516]

Strange. What browser ?

Try delfix from bleeping computer see below;

http://www.bleepingc...ownload/delfix/

[growley]

It was Chrome, had a bit of trouble with delfix, ended up disabling Norton for 1 hour to let it run, it kept downloading and then when I clicked on it, said removed.

anyway:

 

# DelFix v1.010 - Logfile created 18/08/2015 at 19:09:07

# Updated 26/04/2015 by Xplode

# Username : Genna - MOMMALAPTOP

# Operating System : Windows 8.1  (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Genna\Desktop\FRST-OlderVersion

Deleted : C:\AdwCleaner[C1].txt

Deleted : C:\AdwCleaner[S1].txt

Deleted : C:\AdwCleaner[S2].txt

Deleted : C:\Users\Genna\Desktop\Addition.txt

Deleted : C:\Users\Genna\Desktop\Fixlog.txt

Deleted : C:\Users\Genna\Desktop\FRST.txt

Deleted : C:\Users\Genna\Desktop\JRT.txt

Deleted : C:\Users\Genna\Downloads\SecurityCheck.exe

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Cleaning system restore ...

 

Deleted : RP #91 [Scheduled Checkpoint | 07/28/2015 09:58:03]

Deleted : RP #92 [Scheduled Checkpoint | 08/05/2015 02:01:26]

Deleted : RP #93 [Windows Update | 08/12/2015 23:41:39]

Deleted : RP #94 [Removed Amazon Browser App | 08/16/2015 14:43:14]

Deleted : RP #96 [Restore Point Created by FRST | 08/16/2015 15:01:33]

Deleted : RP #97 [Removed Java 7 Update 71 | 08/16/2015 23:12:06]

Deleted : RP #98 [Removed Java 7 Update 71 | 08/16/2015 23:13:39]

Deleted : RP #100 [Restore Point Created by FRST | 08/16/2015 23:30:50]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

[zep516]

Looks good.

Lets let it run for a day or 2 before I close the topic.

Joe