WMunro

  1. Sorry, I was away for a few days. I deleted the Airmiles extension. Today it seems fine and is not redirecting me to Yahoo. I will follow up tomorrow. Thank you.
  2. Attached is the fixlog. When going to Google Chrome, it redirects me to Yahoo Canada. Not as many popups as before the fix, but it seems the Malwarebytes Anti-Malware is stopping the popups. Fixlog.txt Attached a screenshot.
  3. Have tried a few other "virus removal" tools, so I have reattached all files. Thanks. FRST.txt Addition.txt AdwCleanerC3.txt
  4. The infection is still there. Here is my fixlog txt:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015 01
     Ran by Alan at 2015-01-16 09:22:40 Run:1
     Running from C:\Users\Alan\Desktop
     Loaded Profiles: Alan (Available profiles: Alan)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     HKLM\...\Run: [] => [X]
     HKLM-x32\...\Run: [gmsd_se_8] => [X]
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418132790&from=tugs&uid=KINGSTONXSV300S37A120G_50026B77490369BD&q={searchTerms}
     SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418132790&from=tugs&uid=KINGSTONXSV300S37A120G_50026B77490369BD&q={searchTerms}
     Hosts: Hosts file not detected in the default directory
     Tcpip\..\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}: [NameServer] 31.168.224.106,5.135.12.52
     FF Plugin: @microsoft.com/GENUINE -> disabled No File
     CHR HKU\S-1-5-21-885031716-1343160219-1764188400-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
     CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
     S2 BackupStack; [X] <==== ATTENTION
     S2 Update Lampy Lighty; "C:\Program Files (x86)\Lampy Lighty\updateLampyLighty.exe" [X]
     "C:\Program Files (x86)\Lampy Lighty"
     S1 {d441afc2-977b-40eb-b688-431b09118e9e}Gw64; system32\drivers\{d441afc2-977b-40eb-b688-431b09118e9e}Gw64.sys [X]
     Task: {A557D312-1840-44AA-8F66-4CBB1C22D9D5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
     C:\Program Files (x86)\MyPC Backup
     Folder: C:\ProgramData\600440862
     CMD: ipconfig /flushdns
     CMD: netsh winsock reset catalog
     CMD: netsh int ip reset c:\resetlog.txt
     CMD: ipconfig /release
     CMD: ipconfig /renew
     *****************

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
     HKLM-x32\...\Run: [gmsd_se_8] => [X] => Error: No automatic fix found for this entry.
     "C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
     HKLM\SOFTWARE\Policies\Google => Key not found.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
     HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
     C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
     Hosts was reset successfully.
     HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF885E64-14B2-4652-99B0-A93E03F8AD46}\\NameServer => Value not found.
     "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
     HKU\S-1-5-21-885031716-1343160219-1764188400-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => Key not found.
     BackupStack => Service not found.
     Update Lampy Lighty => Service not found.
     "C:\Program Files (x86)\Lampy Lighty" => File/Directory not found.
     {d441afc2-977b-40eb-b688-431b09118e9e}Gw64 => Service not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A557D312-1840-44AA-8F66-4CBB1C22D9D5} => Key not found.
     C:\Windows\System32\Tasks\LaunchSignup not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found.
     "C:\Program Files (x86)\MyPC Backup" => File/Directory not found.

     ========================= Folder: C:\ProgramData\600440862 ========================
     Directory Not Found

     ========= ipconfig /flushdns =========
     ========= End of CMD: =========

     ========= netsh winsock reset catalog =========
     ========= End of CMD: =========

     ========= netsh int ip reset c:\resetlog.txt =========

     and adw cleaner log

     # AdwCleaner v4.107 - Report created 16/01/2015 at 09:32:15
     # Updated 07/01/2015 by Xplode
     # Database : 2015-01-13.2 [Live]
     # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
     # Username : Alan - ALAN-THINK
     # Running from : C:\Users\Alan\Desktop\adwcleaner_4.107 (1).exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

     ***** [ Browsers ] *****
     -\\ Internet Explorer v11.0.9600.17496
     -\\ Google Chrome v39.0.2171.95

     *************************
     AdwCleaner[R0].txt - [15705 octets] - [09/01/2015 11:48:02]
     AdwCleaner[R1].txt - [933 octets] - [16/01/2015 09:30:04]
     AdwCleaner[s0].txt - [15925 octets] - [09/01/2015 11:49:59]
     AdwCleaner[s1].txt - [857 octets] - [16/01/2015 09:32:15]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [916 octets] ##########