OK, let's try this again.
Uninstall Google Chrome using the instructions here.
Then download and install it again. Once done, let me know if the problem is still there.
searchqu could very well be the culprit, but we took care of that earlier.

I've done that but the problem is still there. I've noticed the item 'searchqu' come up in the logs I've posted. Is this the offending article? I've done some reading about it and it looks pretty malicious.
:filefind
*Fun4IM*
*Bandoo*
*Searchnu*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*
:folderfind
*Fun4IM*
*Bandoo*
*Searchnu*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*
:Regfind
Fun4IM
Bandoo
Searchnu
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech

:commands
[createrestorepoint]
:processes
killallprocesses
:otl
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/421"
FF - prefs.js..extensions.enabledAddons: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd}:3.7.0.6
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:files
ipconfig /flushdns /c
:commands
[emptytemp]
[resethosts]

:processes
killallprocesses
:files
C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbbadfnppehacgnbbpjjbajahlhhkem\1.0_0\
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\5045d8f65ca4e@5045d8f65ca87.info
ipconfig /flushdns /c
:commands
[REBOOT]

I clicked the link to Text Enhance and recognised the domain immediately. I bought a program from them a couple of years ago. I don't remember agreeing to the Text Enhance add-on and I don't understand why it's only activated itself just recently.
Many, many thanks for your help with this problem. My machine appears to be running more smoothly, and more quickly.
Thanks once again.