WMunro

problem with high stairs


Hi WMunro,

Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.


Thank you for uploading new FRST logs. It can be rather confusing for me, if you run other tools while I'm trying to help you.

1. Do you want to have restrictions on Google Chrome or is it some malware/adware that has set them?

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

2. CHR Extension: (AIR MILES®) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\appfomlmpcknnkbfalincopigifmfkjk [2015-08-03]
That Chrome extension may be adware: https://www.herdprotect.com/manifest.json-715941043edbf13cba71c5380df6ada88afa767e.aspx (only read, don't click on it)

3. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
Toolbar: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-07] (GFI Software)
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Users\Cameron\Downloads\adwcleaner_5.007 (1).exe:BDU
AlternateDataStreams: C:\Users\Cameron\Downloads\adwcleaner_5.007.exe:BDU
AlternateDataStreams: C:\Users\Cameron\Downloads\ccsetup509.exe:BDU
AlternateDataStreams: C:\Users\Cameron\Downloads\HousecallLauncher64.exe:BDU
AlternateDataStreams: C:\Users\Wendy\Desktop\WcInstaller.exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\Adaware_Installer (7).exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\adwcleaner_5.007 (1).exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\adwcleaner_5.007.exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\LavasoftPrivacyToolbox.exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Wendy\Downloads\Windows-KB890830-x64-V5.21.exe:BDU
IE trusted site: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001\...\microsoft.com -> hxxp://office.microsoft.com
IE trusted site: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001\...\webcompanion.com -> hxxp://webcompanion.com
Reboot:
and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

4. Do you still have "high stairs" problems or any other problem?

If yes, please describe them.
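
An added example, not part of the original posts and not FRST's own code: a short Python triage of the FRST lines quoted in this thread, separating the ATTENTION-flagged policy entries, the Chrome extension entry and the "No File" leftovers. The line patterns are assumptions inferred only from the lines shown here, and `triage` is a hypothetical helper name.

```python
import re

# Sample input: lines copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR Extension: (AIR MILES®) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\appfomlmpcknnkbfalincopigifmfkjk [2015-08-03]
Toolbar: HKU\S-1-5-21-4018269850-2397705212-1335466313-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-07] (GFI Software)
"""

ATTENTION = "<======= ATTENTION"

# Assumed layout of a "CHR Extension" line, based on the one line in this thread.
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - "
    r"(?P<path>.+\\Extensions\\(?P<id>[a-p]{32})) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\]$"
)

# The three "No File" spellings that appear in the fixlist above.
NO_FILE_RE = re.compile(r"(?:-\s+No File|=> No File|\[No File\])$")


def triage(log_text):
    """Sort FRST log lines into buckets a reviewer looks at first."""
    report = {"attention": [], "extensions": [], "orphaned": [], "other": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ext = EXT_RE.match(line)
        if line.endswith(ATTENTION):
            # Keep the entry itself, drop the marker.
            report["attention"].append(line[: -len(ATTENTION)].rstrip())
        elif ext:
            report["extensions"].append(ext.groupdict())
        elif NO_FILE_RE.search(line):
            # Registry or plugin entry whose target file no longer exists.
            report["orphaned"].append(line)
        else:
            report["other"].append(line)
    return report
```

The extension ID it extracts is the folder name under `Extensions`, which is what identifies the extension independently of its display name.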


Attached is the fixlog. When going to Google Chrome, it redirects me to Yahoo. Canada. Not as many popups as before fix--but it seems the Malwarebytes Anti-Malware is stopping the popups.

attached a screen shot



Do you want me to write a script for FRST that removes the Chrome restrictions and/or deletes the AIR MILES® Chrome Extension?

Please, either upload a screenshot with only the message from MBAM or write the content of it in your reply. Now it's too small, I can't read it.

Does MBAM block domains when you're using Internet Explorer and are there redirections in Internet Explorer?


Sorry, I was away for a few days. I deleted Airmiles extension. Today it seems fine and not redirecting me to Yahoo. I will follow up tomorrow.

thank you


No need to apologize.

Good and I hope it continues to be fine.

You're welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !
