FB timeline remover hijacked browser

Discussion in 'Malware Help (A Specialist Will Reply)' started by podunkfluzy, Apr 18, 2012.

Thread Status:
Not open for further replies.
  1. podunkfluzy

    podunkfluzy Private E-2

    I installed several weeks ago a Google Chrome extension that removed the timeline on Facebook. After I did this, this extension was removed from the Extension store. (I was looking for it again and found it gone - for a friend.) It worked fine for about a month. Yesterday another friend sent me the URL to a website that had a FB timeline remover named the same thing as the extension. Immediately upon opening Chrome I got my home page, which was my Facebook page, went to message center where new message with the URL was in it---PLUS 2 tabs opened up to the URL that was in the message. I had my friend delete the message and clear cache as I did same thing to rid the URL from message center. That worked, but upon reopening Google Chrome several times, even after reboots, the extra 2 tabs to that offending URL opened up again and again.

    I went into extensions and disabled the extension (that worked fine for over a month) called FB timeline remover and the offending 2 tabs have not opened again. Don't know if it was coincidence or that the developer of the extension went rogue or something. I need to know that there is no problem with my PC. Even though the tabs stopped only after removal of the extension, I am still concerned it planted something on my computer.

    I ran all the tests in your read me file; spyware and malware were clean. As for anything else I have not a clue. Please review the logs and let me know if I should do something else. Am also including the URL in zip format in notepad so you know the site that kept opening up.

    To follow is SAS log
    Thank you

    Acer laptop
    8 gig ram
    windows 7 home 64 bit
    Intel I3 processor
     

    Attached Files:

  2. podunkfluzy

    podunkfluzy Private E-2

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, I think the link you showed IS a bad one. This is the correct link for the add on. :)

    http://forums.majorgeeks.com/showthread.php?p=1730494

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
     
  4. podunkfluzy

    podunkfluzy Private E-2

    I ran the 2 utilities recommended; here are the log files. I disabled Zone Alarm and other protection software plus changed the account control setting like in first instructions I followed. Chances are I won't be able to get back until tomorrow to follow up but will certainly follow up. I think both logs were clear or ok.
    I did get a timeline remover at timelineremover dot com. I think that is what your link is for, same add-on only from the developer's web site. Thank goodness for 2 PCs: use desktop for reading instructions and test the laptop in question. :rolleyes

    will use your link to the timeline add-on for my desktop --- thanks
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  6. podunkfluzy

    podunkfluzy Private E-2

    I ran this in instructions above
    Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    "%userprofile%\Desktop\combofix" /uninstall
    I got Zone Alarm message something was trying to take control of my computer. I allowed it, something about a handler? Anyway it seemed like nothing was happening, then got message antivirus etc was still running and could not proceed-- I closed the Zone Alarm and got another message it was still running and click ok to proceed at my own risk--- I had to resort to turning off laptop with power button when screen went black and nothing was happening??? I can still see Combo fix and other files I put on desktop still on the PC. SHOULD I rerun the run command again with time stopping Zone Alarm first?? I am not sure what the uninstall did if anything.

    PLUS I am unsure about next step I see it says IF running Vista go to the MGtools folder--I am running windows 7 so do I skip that? go to the bat file to uninstall MGtool think? Wanted to make sure what to do with the combo fix NOT???? working or how to check to see if it did work, and if to skip the Vista line-- I think I already re-enabled the user account control thru the control panel.?? -tiny bit confused now.
     
  7. podunkfluzy

    podunkfluzy Private E-2

    Ok I reread instructions, took image of the C drive and combofix is listed there, see image, and when I got combofix I put it on desktop but I can't remember if it installed and where it might have gone?? To a default location on the C drive? I don't remember it asking where to install it. I put the combofix on desktop and from there clicked to use it in the first few steps of malware removal--- if this information helps clear up my message. I included this image to show combofix is listed in my C drive and also the combofix exe file is still on my desktop as if the log files it created so they were easily found to attach.
    Will do nothing else until I hear from you. PC seems to be running ok after that black screen and lack of doing anything I described so await your instructions. Thanks so much, do appreciate your help.
    http://img.photobucket.com/albums/v732/earlybirdebay/cdriveafteruninstalldidntwork.jpg
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If we used ComboFix, you can delete the

    • ComboFix.exe file
    • C:\ComboFix folder
    • C:\QooBox folder
    • C:\WINDOWS\nircmd.exe
    • C:\combofix.txt
    • C:\ComboFix-quarantined-files.txt logs that were created.
     
  9. podunkfluzy

    podunkfluzy Private E-2

    Thank you will do asap.
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem. Surf safely!
     
  11. podunkfluzy

    podunkfluzy Private E-2

    Problem?? I did all in this post and found when I went to turn off system restore it was already off so I turned it on. I do know it was on and I didn't turn it off. Don't know how it happened...
    But that might not be the problem. I had a Windows update to do but didn't do it while in process of doing everything on this post, so left it to do after completing my investigation and fixes on this post. The update failed, along with all the fixes thru the Windows sites I found to make the update work. It is an update for Windows Defender which I never used, and if it ran in background I didn't know it, but it has always installed the updates when they came out; now they do not. I was wondering if the Malwarebytes program still on my PC in trial version is what the problem might be?
    The following is what I wrote on a message board, Answers for Windows, on the same error code I got, so thought you might tell me something since the last update with Windows Update on the Windows Defender that was successful was April 16th and everything I have done to my PC was here at this post started on April 18th??
    I did not do this part, it was wrong update

    Run CheckSUR to verify there are no system packages that have become damaged. Mine is KB915597, could find no CheckSUR for mine?

    <<http://support.microsoft.com/kb/947821>>

    and this part check was OK nothing found corrupted.
    Run SFC /Scannow to make sure there is no system corruption.

    <<http://support.microsoft.com/kb/929833>>

    Am puzzled and don't know what to do, can't find where to hide that update or if all Windows updates will have problem.??? :cry

    Copy of my post to Windows Answers: http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/windowsupdate8007007e-windowsupdatedt000/32e60622-ce49-4dda-a158-23a74efb74dc?tm=1335470238023

    I have 15 Windows Update failed now, have tried everything, several times, on this post, plus the 2 links on the details page. I even went to download the latest Windows Defender definitions manually to see if the notice would go away. Windows Update still finds this update and fails. Last good update was April 16th. In the meantime I had downloaded Malwarebytes antimalware. Don't know if this caused the Windows Defender service to stop. I checked that also and the WD is not listed in my programs list either. SO---- I do not know what has happened. I tried to update many times, did the instructions in this post above, manually downloaded the definitions and installed, ran the Microsoft fix tool 4 times with administration rights, turned off Zone Alarm Extreme Security and the trial version of Antimalwarebytes. All to no avail. The update is still coming up and failing.

    Intel 64 bit Windows 7 home premium on i3 intel processor of Acer laptop with 8 gig ram.

    Zone Alarm Extreme Security has never interfered with Windows Defender; only new program is the Anti-Malwarebytes-Anti malware in trial version.

    --------update details------------------
    Definition Update for Windows Defender - KB915597 (Definition 1.125.402.0)

    details of failed install

    Installation date: 4/26/2012 3:16 PM

    Installation status: Failed

    Error details: Code 8007007E

    Update type: Important

    Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed.

    More information:
    http://www.microsoft.com/athome/security/spyware/software/about/overview.mspx

    Help and Support:
    http://go.microsoft.com/fwlink/?LinkId=52661
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    This is not a topic for the Malware Forum I'm afraid. You can post about it in the software forum.
     