Having trouble removing Positive Finds adware from Chrome

Discussion in 'Malware Help (A Specialist Will Reply)' started by krolholio, Feb 2, 2015.

  1. krolholio

    krolholio Private E-2

    Hi - sorry if I didn't get everything right here in the process explained in the stickies at the top of the forum, but I've been dealing with this all day after just trying to get an open source program last night to rotate video files 90 degrees from how they were taken. Was hoping there was a search of the forum I could do to see if others had this same issue.
    Seems a malware program that is now only affecting Google Chrome was wrapped up in one of the downloads. Now every search I do in Chrome is littered with "Positive Finds" ads and sometimes there is page redirection. Initially I think it was also affecting Firefox as well, but I was able to delete an extension there that seems to have taken care of Firefox. No such addon or extension in Chrome is found. I went through the Read & Run Me First thread and ran everything, mostly coming up with nothing. The MGtools process however seems to have just hung in one spot for the last two hours. Attaching what I have so far. Any help on this would be greatly appreciated!!!
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes, because you are not clicking (actually double clicking) on the notice from TrendMicro HijackThis to Accept the agreement. You may not be seeing it but it is there waiting for you. Shut down all programs (including your browser windows) so that you can see this notice and run MGtools again, and this time you should see the popup notice from TrendMicro. Click the Accept button twice. Then things will continue.
     
  3. krolholio

    krolholio Private E-2

    Well, I clicked when it popped up and it didn't work. I ran the scan again and it seems to have completed this time, so log is posted in my first post now. Any ideas how to get rid of this thing?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have to click the Accept button twice for it to continue!

    You did not post a new log there. You cannot edit it after 5 minutes. You need to attach the new log (if you ran MGtools again) to a new post, but let's hold off on this now and do the below, where I will request a new log anyway.

    Not really. It is most likely just due to the websites you access and what you click on and download/install. Your initial logs do not really show any real malware, so it is probably just a browser add-on/extension.


    Uninstall the below very old versions of software:
    Java 8 Update 20
    Java 8 Update 25



    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Windows\system32\tasks\{28CBC87C-0C82-41BA-B72F-4EA4498A9604}
    C:\Windows\system32\tasks\{5B31351A-6144-4AC1-BA8A-177072430917}
    C:\Windows\system32\tasks\{AB916EC5-2608-4E1B-86FA-055A24C5B22D}
    C:\Windows\system32\tasks\{E8C0643A-A9B1-4496-B314-AF06946869CD}
    C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
    C:\Program Files (x86)\Avira
    C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
    C:\Windows\TEMP\*.*
    C:\Users\krolski\AppData\Local\Temp\*.*
     
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpUninstallDeleteDir"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
     
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.



    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
    If still having a problem with Chrome then try running the below to see if it helps.

    Reset Chrome to Defaults

    If you still have a problem then it may not be a malware issue. It may not even be a problem on your PC. Positive Finds is one of many methods websites use as a source of revenue. Keywords are double underlined and when your mouse moves over them, a popup appears. These are embedded ads on the website being accessed. Does it only happen on certain websites or does it happen on all websites?
     
    Last edited: Feb 3, 2015
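An added verification script (not part of the thread and not chaslang's OTM script) that a helper could ask the poster to run after the OTM step: it checks whether the task files, folders and RunOnce value named in the OTM script are actually gone, and lists the Chrome extensions on disk with the names from their manifests, since the extensions page in Chrome did not show anything. It assumes the Windows account name krolski and the Default Chrome profile from the thread; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the forum post. Paths are the ones listed in the OTM
# script above; the user name (krolski) and Chrome profile (Default) are assumptions.
$paths = @(
    'C:\Windows\system32\tasks\{28CBC87C-0C82-41BA-B72F-4EA4498A9604}',
    'C:\Windows\system32\tasks\{5B31351A-6144-4AC1-BA8A-177072430917}',
    'C:\Windows\system32\tasks\{AB916EC5-2608-4E1B-86FA-055A24C5B22D}',
    'C:\Windows\system32\tasks\{E8C0643A-A9B1-4496-B314-AF06946869CD}',
    'C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602',
    'C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602'
)

# -LiteralPath so the braces in the task file names are not treated specially.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { "STILL PRESENT: $p" } else { "removed:       $p" }
}

# The RunOnce value the OTM script deletes ("SpUninstallDeleteDir"=-).
$runOnce = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce'
if (Test-Path -LiteralPath $runOnce) {
    $v = Get-ItemProperty -LiteralPath $runOnce -Name SpUninstallDeleteDir -ErrorAction SilentlyContinue
    if ($v) { "STILL PRESENT: SpUninstallDeleteDir = $($v.SpUninstallDeleteDir)" }
    else    { "removed:       SpUninstallDeleteDir" }
}

# Extensions installed on disk for the Default Chrome profile. Each folder name is
# the extension id; the manifest inside gives the display name and version.
# Names that look like __MSG_something__ are localized strings, not a real name.
$extRoot = 'C:\Users\krolski\AppData\Local\Google\Chrome\User Data\Default\Extensions'
Get-ChildItem -LiteralPath $extRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $manifest = Get-ChildItem -LiteralPath $_.FullName -Recurse -Filter manifest.json |
                Select-Object -First 1
    if ($manifest) {
        $m = Get-Content -Raw -LiteralPath $manifest.FullName | ConvertFrom-Json
        [pscustomobject]@{ Id = $_.Name; Name = $m.name; Version = $m.version; Path = $_.FullName }
    }
} | Format-Table -AutoSize

# Extensions pushed by policy do not show a remove button in Chrome, so list that key too.
$forced = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
if (Test-Path -LiteralPath $forced) {
    "Policy-forced extensions:"
    (Get-ItemProperty -LiteralPath $forced).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object { "  $($_.Value)" }
}
```

Any extension id that the poster does not recognise can then be matched against the folder path in the table before removing it, and a non-empty policy list explains why nothing appeared in Chrome's own extension page.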
