extutil Managera

Hello,

I have a netbook infected by extensions on Chrome and Mozilla: extutil, managera and CinemaP*i3c. Avast, AdwCleaner and HitmanPro didn’t fix the problem. I don’t know what to do. I come to you for your help.

I attach the Malwarebytes Anti-Malware log and the two Farbar Recovery Scan Tool reports. But the aswMBR programme didn’t work: I got a blue screen (on Windows 8) and the computer shut down.

Thanks in advance.
Nico

Could you let me know if this stops them

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2015-01-22 19:33 - 2014-12-15 11:29 - 00000000 ____D () C:\Program Files (x86)\b4bdb80d-a644-43db-9f8c-85efdc9821f3
2015-01-22 19:33 - 2014-12-15 11:25 - 00000000 ____D () C:\Program Files (x86)\d16b9cc8-75c8-412d-af85-a0febd739181
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thanks for your help,

Windows seems to be getting better. Previously I had erased Mozilla; can I install it now to test on the web? (The netbook I am trying to clean is not the one I am using to write now.) The reports are attached.

Regards
nico

Yes, re-install and let me know of any problems

Not good. I installed Mozilla. After 10 seconds on Amazon, Avast detected a threat (see attachment), and on the first click on the site, 1 new tab and 1 new ad window opened.

Could you run a fresh FRST scan for me please

Should I click on “FIX” in the FRST program? Or not ;D

Clicking fix will not do anything … if needed, a fix has to be made first

OK looks like a hidden element

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Thanks again for your time,

No change for the laptop, same reaction in Firefox: many windows open on the first click.

:cry:
nico

OK nothing showing there, so we will use a different tack

Uninstall Firefox. Then run a fresh FRST scan and I will remove all traces of Firefox. Then I will give you a link to download a fresh copy of firefox

OK,

Control Panel / uninstall program: OK

OK this will remove all the remnants I can see of Firefox

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Adeline Louise\AppData\Roaming\Mozilla\Firefox\Profiles\apnyqtek.default\searchplugins\google-avast.xml
FF Extension: extensionhidemyasscom - C:\Users\Adeline Louise\AppData\Roaming\Mozilla\Firefox\Profiles\apnyqtek.default\Extensions\extension@hidemyass.com [2014-12-19]
FF Extension: WOT - C:\Users\Adeline Louise\AppData\Roaming\Mozilla\Firefox\Profiles\apnyqtek.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-15]
FF Extension: Adblock Plus - C:\Users\Adeline Louise\AppData\Roaming\Mozilla\Firefox\Profiles\apnyqtek.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
2015-01-24 10:56 - 2015-01-24 10:54 - 00243712 _____ () C:\Users\Adeline Louise\Desktop\Firefox Setup Stub 35.0.exe
2015-01-11 16:33 - 2015-01-11 16:54 - 00000000 ____D () C:\Program Files (x86)\IncludeRunner
2014-12-29 11:41 - 2015-01-04 16:13 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
C:\Program Files (x86)\Mozilla Firefox
C:\Users\Adeline Louise\AppData\Roaming\Mozilla
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Download and re-install Firefox from here https://www.mozilla.org/en-GB/firefox/new/
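
The fix above deletes the Firefox folder under AppData\Roaming, which a normal uninstall leaves in place together with its add-ons and search settings. The following is an added example, not part of the thread and not an FRST feature: a Python sketch that lists what is still sitting in those profile folders so it can be reviewed before Firefox is reinstalled. The function names and the choice of folders and files to watch are assumptions of this example.

```python
import os
from pathlib import Path

# Profile sub-folders that keep add-ons and search engines after an uninstall
# (names as they appear in the FRST lines of this thread; matched case-insensitively).
WATCHED_DIRS = {"extensions", "searchplugins"}
# Preference files that can pin a homepage or search URL (Firefox's own file names).
WATCHED_FILES = {"user.js", "prefs.js"}


def find_leftovers(mozilla_dir):
    """Return sorted (profile, kind, name) tuples for data left under
    <mozilla_dir>/Firefox/Profiles once Firefox itself is uninstalled."""
    profiles_root = Path(mozilla_dir) / "Firefox" / "Profiles"
    found = []
    if not profiles_root.is_dir():
        return found
    for profile in profiles_root.iterdir():
        if not profile.is_dir():
            continue
        for entry in profile.iterdir():
            lname = entry.name.lower()
            if entry.is_dir() and lname in WATCHED_DIRS:
                # Every add-on folder, .xpi file or search plugin is reported.
                for item in entry.iterdir():
                    found.append((profile.name, lname, item.name))
            elif entry.is_file() and lname in WATCHED_FILES:
                found.append((profile.name, "prefs", entry.name))
    return sorted(found)


def default_mozilla_dir():
    """%APPDATA%\\Mozilla for the current Windows user, or None elsewhere."""
    appdata = os.environ.get("APPDATA")
    return Path(appdata) / "Mozilla" if appdata else None


if __name__ == "__main__":
    root = default_mozilla_dir()
    if root is None:
        print("APPDATA is not set; pass a path to find_leftovers() instead")
    else:
        for profile, kind, name in find_leftovers(root):
            print(f"{profile}\t{kind}\t{name}")
```

An empty result after the uninstall means a fresh Firefox install starts from a new profile rather than picking up the old add-ons.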

YES ;D
After a first try it’s working very well.

The cleaning is OK, but what about prevention?
Obviously Avast + AdwCleaner from time to time doesn’t work anymore.

In the forum http://forums.whatthetech.com/index.php?showtopic=102251 their good practices are: Avast + Malwarebytes’ Anti-Malware,
and they link to:
http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/ which recommends:
Avast + Malwarebytes’ Anti-Malware + SpywareBlaster + SpywareGuard + ZoneAlarm and NoScript + Norton Safeweb for Firefox.

If you have a link to a good solution for protecting 3 PCs on W7 and 2 laptops on W8, for family users, and I also care about general organisation (administrator session, Java, Flash, Acrobat Reader …)

Thank you very much for your time, my sister-in-law will really enjoy her healthy laptop.
nico

Looks like whatever it was, was hidden in the roaming directory which FF leaves behind

Here are some recommendations for you

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove Combofix

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Remove tools

Download and run Delfix

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

::) To be sure, you recommend: CryptoPrevent + Malwarebytes + Unchecky WITH Avast?

Yep, Cryptoprevent locks out encryption malware.
Unchecky stops most pups from installing when you download a programme from the net
Malwarebytes as a monthly checker, no need to run resident

24 hours later, everything is OK. The laptop runs correctly. I will now extend this protection to the other PCs I have. BIG THANKS for your work.

Regards
nico

My pleasure :slight_smile: