Comments

8 comments

  • Support

    Hi WMunro,

     

    Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

    0
  • Support

    Thank you for uploading new FRST logs. It can be rather confusing for me, if you run other tools while I'm trying to help you.

     

    1. Do you want to have restrictions on Google Chrome or is it some malware/adware that has set them?

    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

     

    2. CHR Extension: (AIR MILES®) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\appfomlmpcknnkbfalincopigifmfkjk [2015-08-03]
    That Chrome extension may be adware: https://www.herdprotect.com/manifest.json-715941043edbf13cba71c5380df6ada88afa767e.aspx (only read, don't click on it)

     

    3. Please, start Notepad.
    Copy all text that is in the box:

    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    Toolbar: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-07] (GFI Software)
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
    AlternateDataStreams: C:\Users\Cameron\Downloads\adwcleaner_5.007 (1).exe:BDU
    AlternateDataStreams: C:\Users\Cameron\Downloads\adwcleaner_5.007.exe:BDU
    AlternateDataStreams: C:\Users\Cameron\Downloads\ccsetup509.exe:BDU
    AlternateDataStreams: C:\Users\Cameron\Downloads\HousecallLauncher64.exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Desktop\WcInstaller.exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\Adaware_Installer (7).exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\adwcleaner_5.007 (1).exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\adwcleaner_5.007.exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\LavasoftPrivacyToolbox.exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\mbam-setup-2.1.8.1057.exe:BDU
    AlternateDataStreams: C:\Users\Wendy\Downloads\Windows-KB890830-x64-V5.21.exe:BDU
    IE trusted site: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001\...\microsoft.com -> hxxp://office.microsoft.com
    IE trusted site: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001\...\webcompanion.com -> hxxp://webcompanion.com
    Reboot:
    and paste in Notepad. Check that no files have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your reply.

     

     

    4. Do you still have "high stairs" problems or any other problem?

    If yes, please describe them.

    0
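
Added example (not part of the original thread and not FRST's own code): a Python check for the "no files have been split on two lines" step in the Support post above, run against fixlist.txt before clicking Fix. The accepted line starts are taken only from that fixlist and are an assumption, not FRST's full syntax; the sample input is constructed.

```python
import re

# Line starts seen in the fixlist above. Assumption: this covers that script
# only, not FRST's full syntax.
KNOWN_STARTS = (
    "HKLM\\", "HKU\\", "Toolbar:", "FF Plugin", "CHR ",
    "AlternateDataStreams:", "IE trusted site:", "GroupPolicy:",
)
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")       # CreateRestorePoint:, Reboot:
SERVICE = re.compile(r"^[RSU]\d \S+; ")       # R0 gfibto; C:\...
# An ADS entry names a file and a stream: "<drive>:\path\file:STREAM"
ADS = re.compile(r"^AlternateDataStreams: [A-Za-z]:\\.+:[^\\:]+$")


def check_fixlist(text):
    """Return (line_number, problem, line) for lines that look split."""
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AlternateDataStreams:"):
            # The first half of a split ADS entry loses its ":STREAM" suffix.
            if not ADS.match(line):
                problems.append((number, "ADS entry has no stream name", line))
        elif not (line.startswith(KNOWN_STARTS) or DIRECTIVE.match(line)
                  or SERVICE.match(line)):
            # The second half of a split entry starts with no known prefix.
            problems.append((number, "continuation of previous line", line))
    return problems


# Constructed sample: lines from the fixlist, with one entry deliberately
# broken across two lines the way a wrapped paste would leave it.
SAMPLE = "\n".join([
    "CreateRestorePoint:",
    r"AlternateDataStreams: C:\Users\Wendy\Downloads\FRST64.exe:BDU",
    r"AlternateDataStreams: C:\Users\Wendy\Downloads\adwcleaner_5.007",
    "(1).exe:BDU",
    "Reboot:",
])

if __name__ == "__main__":
    for number, problem, line in check_fixlist(SAMPLE):
        print(f"line {number}: {problem}: {line}")
```
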
  • Customer

    Have tried a few other "virus removal" tools so have reattached all files.

    thanks

    FRST.txt
    Addition.txt
    AdwCleanerC3.txt

    0
  • Support

    Do you want me to write a script for FRST that removes the Chrome restrictions and/or deletes the AIR MILES® Chrome Extension?

     

    Please, either upload a screenshot with only the message from MBAM or write the content of it in your reply. Now it's too small, I can't read it.

     

    Does MBAM block domains when you're using Internet Explorer and are there redirections in Internet Explorer?

    0
  • Customer

    Attached is the fixlog. When going to google chrome, it redirects me to Yahoo. Canada. Not as many popups as before fix--but it seems the malwarebytes anti malware is stopping the popups

    Fixlog.txt

    attached a screen shot

    0
  • Customer

    Sorry, I was away for a few days. I deleted Airmiles extension. Today it seems fine and not redirecting me to Yahoo. I will follow up tomorrow.

    thank you

    0
  • Support

    No need to apologize.

     

    Good and I hope it continues to be fine.

     

    You're welcome

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.


    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.


    Everyone else please begin a New Topic.


    Thank you !

    0
