CeciliaB

There were only three files that was quarantined by FRST: ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip Users\Nyein.xBAD Removing those files can't make add-ons disappear in Chrome. Something else must have happened in the computer at approx. the same time. Please scan with FRST again and upload the new FRST.txt.

Hi Nyein, sorry but you forgot to upload the file.

Hi Nyein, It's possible that the fixlist.txt with too many returns destroyed something in the profile of Chrome. We can try to restore everything in the quarantine of FRST since that should restore the add-ons if FRST removed them. Please, start Notepad. Copy all text that is in the box: CloseProcesses: Folder: C:\FRST\Quarantine RestoreQuarantine: Reboot: and paste in Notepad. There should be only four lines. If an extra return has been inserted between the word "Folder:" and the path "C:\FRST\Quarantine", the quarantine folder will be deleted and no restoration can be done. Save the file as fixlist.txt on the desktop. Exit all programs. Start FRST, please. Click the Fix button. Wait until the tool has finished. It creates a log file, called Fixlog.txt, on the desktop. Please, paste the content of that file in your reply. Have the add-ons been restored?

I wrote (several times with different wordings): But you do this: For me this means that you think that you know more than I do about getting rid of malware and adware. Why ask me when you don't follow what I reply. I have also written several times that this isn't a forum for problems with Linux, hardware and other stuff not related to adaware programs, malware and adware, but you continue asking such questions. I think I'm wasting my time trying to help you.

Hi Lissa, This is a forum for problems with adaware products, malware and adware, it isn't a general forum for all kind of computer problems. You have to find a forum for computer problems, maybe the forum of Tom's Hardware since it seems to be hardware related.

Hi Nyein, Extensions to which program and can you give an example of a missing extension? The fix did very little since fixlist.txt contains a lot of returns that shouldn't be there. But don't try again until the problem with the missing extensions has an explanation. Sorry, but you haven't mentioned a message about another instance before. Please give me more details about that.

Nyein, you're welcome 1. Please, start Notepad. Copy all text that is in the box: CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-2809528103-2808818042-3570622398-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2019-01-07] (Lavasoft) HKU\S-1-5-21-2809528103-2808818042-3570622398-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180521__yaie SearchScopes: HKU\S-1-5-21-2809528103-2808818042-3570622398-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180521__yaie&p={searchTerms} FF Homepage: Mozilla\Firefox\Profiles\6wzytc6l.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180521__yaff FF NewTab: Mozilla\Firefox\Profiles\6wzytc6l.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180521__yaff FF SearchPlugin: C:\Users\Nyein Chan\AppData\Roaming\Mozilla\Firefox\Profiles\6wzytc6l.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-21] CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms} CHR DefaultSearchKeyword: Default -> Default Search 2019-01-07 17:52 - 2018-05-21 07:23 - 000000000 ____D C:\Users\Nyein Chan\AppData\Local\Lavasoft 2019-01-07 17:47 - 2018-05-21 07:22 - 000000000 ____D C:\Users\Nyein Chan\AppData\Roaming\Lavasoft IE trusted site: HKU\S-1-5-21-2809528103-2808818042-3570622398-1000\...\webcompanion.com -> hxxp://webcompanion.com Reboot: and paste in Notepad. Check that no files have been split on two lines. Save the file as fixlist.txt in the same folder as the FRST program. Exit all programs. Start FRST, please. Click the Fix button. Wait until the tool has finished. It creates a log file, called Fixlog.txt. Please, paste the content of that file in your reply. 2. Please go through the settings in all your browsers and change the start page and the search providers according to your preferences. 3. Do you see any signs of web companion now?

Hi Nyein Chan, Have you tried the other two alternatives on the page that ooze linked to? If no alternative works in your computer, please see this post:

Hi garen123, There is no adaware for mobile phones.

Avira uninstallation: https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88 I don't know anything about the other two products and you've to ask in their forums if you can't find any information from their manufacturers. Let us take care of PC2 Compaq desktop pc now. 1. Disconnect everything that isn't necessary, e.g. all USB drives. Don't use that computer for anything else than following my instructions. 2. Try to remove Avast with their special clean program, as you did with the first computer. 3. Try to find a similar program for Comodo, but only on their website. Search for information about uninstallation in their forum. When done, activate adaware antivirus and restart the computer. 4. Uninstall all programs that you don't use. Restart the computer. 5. Scan with FRST and attach FRST.txt and Addition.txt to your reply. 6. Scan with AdwCleaner and attach its log file to your reply. Remember that this forum only handles problems related to some products from adaware software, malware and adware. If you've a problem with another program, you've to ask the manufacturer of that program or in a forum specializing in that program.

Good! I can't see any more malicious files in that computer. Time for the next computer, please run FRST and attach the new FRST.ext and Addition.txt (I'll only read shortcut.txt if you say that there is a problem with some shortcuts). Don't use that computer for anything else than doing what I ask you to do.

1. According to the logs you've installed RogueKiller and that program probably has erased the malicious files. I quote: Since you've several computers, don't use the computer that I'm trying to clean to anything except what I ask you to do. Can you follow that? 2. Please upload this file to virustotal.com: C:\Windows\System32\drivers\TchS2Helper.sys

1. Can you explain why files and folders that were visible in the latest logs from FRST, no longer existed when FRST wanted to remove them? Have you run some other antivirus, antimalware or similar program that I haven't asked you to run? 2. Please, start Notepad. Copy all text that is in the box: CreateRestorePoint: CloseProcesses: C:\Program Files (x86)\XWX C:\Program Files (x86)\whe Reboot: and paste in Notepad. Check that no files have been split on two lines. Save the file as fixlist.txt on the desktop. Exit all programs. Start FRST, please. Click the Fix button. Wait until the tool has finished. It creates a log file, called Fixlog.txt, on the desktop. Please, paste the content of that file in your reply. 3. Scan with FRST and attach FRST.txt and Addition.txt. See my previous reply to you: https://forum.adaware.com/index.php?/topic/36933-xubuntu-live-usb-infected-systweak-trials-bytefence-others/&do=findComment&comment=155320 I don't know.

Good! Please, start Notepad. Copy all text that is in the box: CreateRestorePoint: CloseProcesses: HKLM-x32\...\RunOnce: [] => [X] S3 MThhOD; C:\Program Files\MThhOD\OGI5OWM3NDU3M.exe [1137544 2018-12-30] () 2018-12-31 17:08 - 2019-01-02 01:46 - 000000000 ____D C:\ProgramData\ALLPlayer 2018-12-31 17:08 - 2018-12-31 17:08 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B} 2018-12-31 17:03 - 2018-12-31 17:03 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled 2018-12-31 15:26 - 2018-12-31 15:26 - 000000000 ____D C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952} Folder: C:\Program Files (x86)\XWX VirusTotal: C:\Program Files (x86)\whe\Repeal.dll 2018-12-31 10:20 - 2018-12-31 17:53 - 000000000 ____D C:\Program Files (x86)\relined 2018-12-31 10:20 - 2018-12-31 17:53 - 000000000 ____D C:\Program Files (x86)\Mousetrap 2018-12-31 10:20 - 2018-12-31 17:53 - 000000000 ____D C:\Program Files (x86)\Gundel 2018-12-31 10:20 - 2018-12-31 17:52 - 000000000 ____D C:\Users\jean-\AppData\Local\Michael 2018-12-31 10:20 - 2018-12-31 10:26 - 000000000 ____D C:\Program Files (x86)\Katherine VirusTotal: C:\Users\jean-\AppData\Local\sham.db 2018-12-31 10:20 - 2018-12-31 10:20 - 000004008 _____ C:\Windows\System32\Tasks\smoke andros mcmorrowsmoke andros mcmorrow 2018-12-31 10:20 - 2018-12-31 10:20 - 000003984 _____ C:\Windows\System32\Tasks\macey_obtainsmacey_obtains 2018-12-31 10:20 - 2018-12-31 10:20 - 000000000 ____D C:\Program Files (x86)\filigreed 2018-12-31 10:17 - 2018-12-31 10:17 - 000000000 ____D C:\Users\jean-\AppData\Roaming\SystemLocation 2018-12-31 10:15 - 2018-12-31 10:16 - 000000000 ____D C:\ProgramData\MZa 2018-12-31 10:14 - 2018-12-31 10:15 - 000000000 ____D C:\Program Files\MThhOD 2018-12-31 10:14 - 2018-12-31 10:14 - 001437184 _____ C:\Windows\oymoi.oymki 2018-12-31 10:14 - 2018-12-31 10:14 - 000000000 ____D C:\Users\jean-\AppData\Local\AdvinstAnalytics 2018-12-31 10:10 - 2018-12-31 10:10 - 000012800 _____ C:\Windows\clintonites.exe 2018-12-31 10:10 - 2018-12-31 10:10 - 000012800 _____ C:\Users\jean-\AppData\Local\Noisiest.exe 2018-12-30 13:15 - 2018-12-30 13:15 - 000098328 _____ C:\Windows\system32\Drivers\NGQ1MTBmY Folder: C:\Users\jean-\AppData\Local\CEF Folder: C:\ProgramData\ToastGenerator VirusTotal: C:\Users\jean-\AppData\Local\AirCom.tst VirusTotal: C:\Users\jean-\AppData\Local\Freshphase.exe VirusTotal: C:\Users\jean-\AppData\Local\SubOzekix.bin ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> Pas de fichier ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => -> Pas de fichier ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> Pas de fichier ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => -> Pas de fichier ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> Pas de fichier Task: {C7A0F030-3818-4FC9-8059-98DEF5C9A1EE} - System32\Tasks\macey_obtainsmacey_obtains => C:\Program Files (x86)\Katherine\Noisiest.exe [2018-12-31] () Task: {CB1E17CE-354B-4638-B127-884EE38FA287} - System32\Tasks\smoke andros mcmorrowsmoke andros mcmorrow => C:\Users\jean-\AppData\Local\Noisiest.exe [2018-12-31] () Reboot: and paste in Notepad. Check that no files have been split on two lines. Save the file as fixlist.txt on the desktop. Exit all programs. Start FRST, please. Click the Fix button. Wait until the tool has finished. It creates a log file, called Fixlog.txt, on the desktop. Please, attach that file to your reply.

I agree that those two programs aren't malicious, but I've many times in different forums seen people having problems with their computers after using DriverFighter and other driver/program updating programs. Many computer problems occur also after running Windows repair/optimizing programs as Restoro: https://blog.malwarebytes.com/detections/pup-optional-restoro/#type-and-source-of-infection A good disk cleanup program is included in Windows. You've to start it manually but it doesn't take up any disk space and consumes less CPU time. https://www.shouldiremoveit.com/FULL-DISKfighter-19491-program.aspx Many freeware programs install adware that slow down your computer and browser, use your internet connection and displays ads in the browser. What? I haven't said that you should use SlimAV. I don't trust the program: https://www.bleepingcomputer.com/forums/t/614165/is-slimav-an-actual-anti-virus-or-did-one-of-my-friends-fall-for-a-scam/ You've to discuss that in another forum specializing in mobile phones. You've to ask the manufacturer of the program, or use another program. Why do you think I'm interested in that? If I see cracks or keygens in the logs, I refuse to give help until those are deleted. Have you cracks and/or keygens in your computers? Then you've to uninstall them or even better reinstall Windows and don't install them again If such stuff are the cause of the terrible state of your computer, you should now know why not to use illegal software. Please upload to virustotal.com: C:\Program Files (x86)\filigreed\filigreed.exe C:\Users\jean-\AppData\Roaming\SystemLocation\utcwatcher.exe