Skip to main content

found "Ads by DNS Blocker" endless popups

Comments

8 comments

  • Support

    Hi lantzeb,

     

    Why is Ad-Aware disabled, shouldn't it protect the computer?

     

     

    1. Please, start Notepad.
    Copy all text that is in the box:

    CreateRestorePoint:
    CloseProcesses:
    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{693a6d4e-7fd7-425b-93d5-4569c70a8ccf}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{9d69840a-5d77-4cef-87db-2c23184eb3d0}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{9d69840a-5d77-4cef-87db-2c23184eb3d0}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{c44991a7-0ff3-4c30-9553-1bfd5cecc201}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{c44991a7-0ff3-4c30-9553-1bfd5cecc201}: [DhcpNameServer] 82.163.143.171
    CMD: ipconfig /flushdns
    and paste in Notepad. Check that no files have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your reply.

     

    Repeat the above when you restart the computer until the computer is clean.

     

     

    2. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[s1].txt.

    0
  • Customer

    Here it is...

     

    So far so good. I ran FRST twice. Ads still there. I then ran AdwCleaner and things seem to be back to normal.

     

    Thanks

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
    Ran by Lantze (2016-07-14 19:42:21) Run:3
    Running from C:\Users\Lantze\Desktop
    Loaded Profiles: Lantze (Available Profiles: Lantze & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{693a6d4e-7fd7-425b-93d5-4569c70a8ccf}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{9d69840a-5d77-4cef-87db-2c23184eb3d0}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{9d69840a-5d77-4cef-87db-2c23184eb3d0}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{c44991a7-0ff3-4c30-9553-1bfd5cecc201}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{c44991a7-0ff3-4c30-9553-1bfd5cecc201}: [DhcpNameServer] 82.163.143.171
    CMD: ipconfig /flushdns
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value not found.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{693a6d4e-7fd7-425b-93d5-4569c70a8ccf}\\NameServer => value not found.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d69840a-5d77-4cef-87db-2c23184eb3d0}\\NameServer => value not found.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d69840a-5d77-4cef-87db-2c23184eb3d0}\\DhcpNameServer => value not found.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c44991a7-0ff3-4c30-9553-1bfd5cecc201}\\NameServer => value not found.
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c44991a7-0ff3-4c30-9553-1bfd5cecc201}\\DhcpNameServer => value not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End ofCMD: =========



    The system needed a reboot.

    ==== End of Fixlog 19:42:26 ====

     

     

    # AdwCleaner v5.201 - Logfile created 14/07/2016 at 20:15:08
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-14.1 [server]
    # Operating system : Windows 10 Pro (X64)
    # Username : Lantze - BLEVINS_VAIO
    # Running from : C:\Users\Lantze\Downloads\adwcleaner_5.201.exe
    # Option : Scan
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****

    Service Found : LavasoftTcpService
    Service Found : WCAssistantService

    ***** [ Folders ] *****

    Folder Found : C:\ProgramData\lavasoft\web companion
    Folder Found : C:\ProgramData\6fca9aa0
    Folder Found : C:\ProgramData\9afe966a-04f3-0
    Folder Found : C:\ProgramData\9afe966a-38d1-0
    Folder Found : C:\ProgramData\9afe966a-3b27-1
    Folder Found : C:\ProgramData\9afe966a-4c05-0
    Folder Found : C:\ProgramData\dfaf2ec3-2221-1
    Folder Found : C:\ProgramData\dfaf2ec3-3e85-0
    Folder Found : C:\ProgramData\{00297165-412c-0}
    Folder Found : C:\ProgramData\{00538f90-612c-0}
    Folder Found : C:\ProgramData\{0219cf4e-012c-1}
    Folder Found : C:\ProgramData\{08b1a59d-212c-1}
    Folder Found : C:\ProgramData\{25d69304-612c-0}
    Folder Found : C:\ProgramData\{339a241d-212c-1}
    Folder Found : C:\ProgramData\Application Data\lavasoft\web companion
    Folder Found : C:\ProgramData\Application Data\6fca9aa0
    Folder Found : C:\ProgramData\Application Data\9afe966a-04f3-0
    Folder Found : C:\ProgramData\Application Data\9afe966a-38d1-0
    Folder Found : C:\ProgramData\Application Data\9afe966a-3b27-1
    Folder Found : C:\ProgramData\Application Data\9afe966a-4c05-0
    Folder Found : C:\ProgramData\Application Data\dfaf2ec3-2221-1
    Folder Found : C:\ProgramData\Application Data\dfaf2ec3-3e85-0
    Folder Found : C:\ProgramData\Application Data\{00297165-412c-0}
    Folder Found : C:\ProgramData\Application Data\{00538f90-612c-0}
    Folder Found : C:\ProgramData\Application Data\{0219cf4e-012c-1}
    Folder Found : C:\ProgramData\Application Data\{08b1a59d-212c-1}
    Folder Found : C:\ProgramData\Application Data\{25d69304-612c-0}
    Folder Found : C:\ProgramData\Application Data\{339a241d-212c-1}
    Folder Found : C:\Program Files (x86)\SystemHealer
    Folder Found : C:\Program Files (x86)\lavasoft\web companion
    Folder Found : C:\Users\Lantze\AppData\Roaming\lavasoft\web companion
    Folder Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi

    ***** [ Files ] *****

    File Found : C:\searchplugins\bing-lavasoft.xml
    File Found : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
    File Found : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    File Found : C:\Users\Lantze\AppData\Roaming\Mozilla\Firefox\Profiles\cuxfccjc.default\searchplugins\bing-lavasoft.xml
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
    File Found : C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
    File Found : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
    File Found : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini

    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6fca9aa0}
    Key Found : HKCU\Software\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
    Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
    Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\PRODUCTSETUP
    Key Found : HKCU\Software\System Healer
    Key Found : HKCU\Software\ICSW1.19
    Key Found : HKCU\Software\csastats
    Key Found : HKCU\Software\AppDataLow\Software\adawarebp
    Key Found : HKLM\SOFTWARE\Lavasoft\Web Companion
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\APN PIP
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\PRODUCTSETUP
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\System Healer
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\ICSW1.19
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\csastats
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\AppDataLow\Software\adawarebp
    Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.bing.com/?pc=COSP&ptag=D070116-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
    Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0F0ByDtDyD0DyCyC0FyBtN0D0Tzu0StCyDyDtBtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0A0CyEyEtDtC0EtGtAtDyD0CtG0D0F0BtCtGtD0F0BtBtGzzyByBtAtAtA0FtDtAtAyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByEtCyEtDyD0A0FtGtDzzzy0DtGyEyE0CtBtG0ByD0AtAtG0FtAtCtCtCyC0D0DtA0F0AtA2QtN0A0LzutB%26cr%3D1671957322%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzzzzyEtA0C0F0ByDtDyD0DyCyC0FyBtN0D0Tzu0StCyDyDtBtN1L2XzutAtFtBtDtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0A0CyEyEtDtC0EtGtAtDyD0CtG0D0F0BtCtGtD0F0BtBtGzzyByBtAtAtA0FtDtAtAyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByEtCyEtDyD0A0FtGtDzzzy0DtGyEyE0CtBtG0ByD0AtAtG0FtAtCtCtCyC0D0DtA0F0AtA2QtN0A0LzutB%26cr%3D1671957322%26a%3Dwncy_instlmtrx_16_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
    Data Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.bing.com/?pc=COSP&ptag=D070116-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\eshopcomp.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pricepeep.net
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.eshopcomp.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\re-markit.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.pricepeep00.pricepeep.net
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.re-markit00.re-markit.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\eshopcomp.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pricepeep.net
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\re-markit.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.pricepeep00.pricepeep.net
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co
    Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
    Value Found : HKU\S-1-5-21-1215650996-1891130368-1519456790-1005\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]

    ***** [ Web browsers ] *****

    [C:\Users\Lantze\AppData\Roaming\Mozilla\Firefox\Profiles\cuxfccjc.default\prefs.js] Found : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D070116-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038");
    [C:\Users\Lantze\AppData\Roaming\Mozilla\Firefox\Profiles\cuxfccjc.default\prefs.js] Found : user_pref("browser.newtabpage.url", "hxxp://www.bing.com/?pc=COSP&ptag=D070116-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038");
    [C:\Users\Lantze\AppData\Roaming\Mozilla\Firefox\Profiles\cuxfccjc.default\prefs.js] Found : user_pref("browser.search.defaultenginename.US", "Search Provided by Yahoo");
    [C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com
    [C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com
    [C:\Users\Lantze\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bahkljhhdeciiaodlkppoonappfnheoi

    *************************

    C:\AdwCleaner\AdwCleaner[s1].txt - [16107 bytes] - [14/07/2016 20:15:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [16181 bytes] ##########

    0
  • Support

    Good!

     

    Does it mean that you already have removed everything that AdwCleaner found?

    If yes, please reinstall Ad-Aware since AdwCleaner found items of Ad-Aware too.

    0
  • Customer

    How do I get the version (Ad-aware Pro) that i paid for? It is no longer in my downloads folder? I still have Ad-Aware Pro, but the web companion disappeared.

    0
  • Support

    You can download Ad-Aware Free from Lavasoft's web site and when you enter your product key for Pro the installed Free will be converted to Pro. But if you're sure that Ad-Aware isn't affected at all, you can download Web Companion separately: http://www.webcompanion.com/

     

    If all adware is gone, it's time to uninstall FRST and AdwCleaner.

     

    Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.
    Click on the Uninstall button.

    Download OTC http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.
    If any logs remain on the computer you can remove them.


    It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that makes it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
  • Customer

    I haven't had any other issues thus far. Thanks.

     

    I am having trouble uninstalling FRST and Adwcleaner. I see there folders, but they do not show up on uninstall list in settings on windows 10. I can no longer find adwcleaner start icon in order to uninstall it. Also, the OTC link is not working.

    0
  • Support

    Great, you're welcome

     

    The two programs aren't listed by Windows and therefore you need those special actions.

     

    If you don't have AdwCleaner on the desktop, please download it again.

     

    Sorry, for the OTC link but it's a power outage in the data center of Geeks to Go: https://www.facebook.com/geekstogo

    I assume it will be fixed soon.

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.Everyone else please begin a New Topic.Thank you !

    0

Please sign in to leave a comment.