Quirkymac

I'm just putting it through it's paces at the moment and cleaning up some of the extraneous software. Looking good at this moment though. Nil directs or other issues popping up. Thanks

emsisoft scan results + FRST report files scan_180412-234137.txt Addition.txt FRST.txt

I will start the scan shortly and leave it running overnight...and check it in the morning. I wasn't able to run the emsisoft program with the rootkit check ticked so will leave that off and let you guide me after the scan and clean. I was just typing a message whilst the emsisoft scan started and again when it got to step 2 of 5 (rootkit scan) it froze the computer. Am going to do another scan but custom (with rootkit check turned off) to clean those other issues.

Ublock origin installed

Ok. I've just installed Chrome and the extension you suggested. Do I need to do anything with the issues that the other AV/Antimalware program picked up... I didn't quarantine them all I did is a simple scan and asked for no actions other than report. there were three issues listed (one with firefox one with opera and I can't recall the other one - something in appdata\local It is in message 45 of this thread

dokeyoke

I edited the file and ran the fix results attached Fixlog.txt

Should it be c:\users\pc-\appdata\google rather than c:\pc-\appdata\google

Am I supposed to see a fixlist.txt now?

and a file in that 2.0_0 folder called manifest.json (that also can't be deleted) All say I don't have permission to delete

I've just manually deleted everything I can from that google folder and am getting blocked by a folder called profile1 Inside that is a folder called hjjkhfonangkojdpjcdhldbcicegaohc then digging down further is a folder called 2.0_0 then the following folders _locales _metadata icons all of which cannot be deleted and don't get deleted by blitzblank

Ok just tried to manually select another folder to delete in the first part of the Blitzblank to delete folder C:\test and left the script in place for the c:\pc-\appdata\local\google Log attached. It deleted C:\test without issue but still failed to get rid of \appdata\local\google I also tried manually entering c:\pc-\appdata\local\google for delete in the first part (not the script) and it still failed blitzblank.log

Again...doesn't seem to have deleted that folder Human error detected.... blitzblank.log

I don't think that worked.... blitzblank.log

Ok I couldn't delete the GOOGLE folder in my appdata\local folder. I have followed all the other instructions and made a clean install of Chrome. The good news is there are no more redirects from bookmarks (since that change). MWB was left scanning last night and found another couple of issues scan attached threats.txt

I can't delete the folder in this instruction Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata) that folder includes picasa backup data and all sorts of other stuff. If I try to delete the C:\Users\Your user name\Appdata\Local\GOOGLE\Chrome folder it tells me I don't have permission to do this (despite having ownership and full control of that folder)

Am off to bed....let me know what I next need to do.

scan_180411-205458.txt

Not sure if this is relevant or not but when I open a single chrome browser page I get 7 or 8 versions of Chrome334.exe that start running (as viewed in task manager). I hope this is ok....I am sitting here feeling the need to do something....I am currently running an EMSISOFT scan which has found a couple of things (1/2 way through at present) Trojan.agent.CXBA(B) in Appdata\local\install.dll (PUP) Application.JS,MINER.C(B) in appdata\local\opera software\cache\ (Malware) JS:Trojan.JS.AGENT.SFN(B) in .appdata.....\firefox\profiles\ (PUP) I wasn't able to run that scan if rootkit was ticked...the scan just froze. Unticking rootkit allowed me to at least start the scan. again sorry if I've done the wrong thing. At this stage the scan is set to report only (i.e. not to quarantine) - I didn't want to mess with your process.

MWB has intercepted 35 redirects in the past 12 hours of use.

https://www.virustotal.com/en/file/aa53ffb6fda174b3999a2b637ed9bde70ae2d7c7e1d19af95fb605c420bf2efc/analysis/1523438823/ That is the analysis of the chrome334.exe And a correction to my above posting. MWB is only catching outbound redirects when I click on any of my bookmarks. NOT as I first thought, when I first open Chrome

I submitted the file to virustotal.com for analysis and it comes back as a genuine signed copy of Chrome.exe However it is a hidden file and has a file size of 1553Kb compared to Chrome.exe in the same folder being only 153Kb That makes me think it is being run with some modifiers somewhere which is causing the redirect. Does that sound right? I've run the full scans (as requested above including rootkits, archives, PUPS, PUMS etc) and it's passed muster over the past 5 days of scheduled scans. I'm currently rerunning the scan manually but expect it to come back clear. (update - scan just completed and looks all clear - report attached) The behaviour occurs whenever we click the chrome icon to start a new chrome page when Chrome is not already opened. 114.txt

I'm back and have the website that was blocked. I'm not sure whether I should be concerned by this or not. But this is the website that kept getting blocked a while back. blocked website.txt

I'm away at Cub Scout camp until early next week, so won't be near the computer for a while. Will get back on track and post those logs when I get back.