Jump to content

Please help me get this adware off my computer.


Recommended Posts

I have scanned with 2 different anti virus and adware protections applications and neither of them have been successful in stopping these popups. This is my most recent log,

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-09-2019
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  40
# Failed:   1


***** [ Services ] *****

Deleted       backlh
Deleted       pgt_svc

***** [ Folders ] *****

Deleted       C:\ProgramData\CloudPrinter
Deleted       C:\ProgramData\Logic Cramble
Deleted       C:\ProgramData\Polygens
Deleted       C:\Users\Kevin\AppData\Roaming\AGData
Deleted       C:\Users\Kevin\AppData\Roaming\Microleaves
Deleted       C:\Users\Kevin\AppData\Roaming\Tencent
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Not Deleted   C:\ProgramData\Tencent

***** [ Files ] *****

Deleted       C:\Users\Kevin\AppData\Local\Main.dat
Deleted       C:\Users\Kevin\appdata\local\installationconfiguration.xml
Deleted       C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted       C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Environment|SNF
Deleted       HKCU\Environment|SNP
Deleted       HKCU\Software\FastDataX
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Homeville Launcher
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2867A2C0-9F53-48BD-81D3-A0F925966965}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{47765BE3-C594-4663-AB86-7182406F804E}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D2C24246-CA9C-47D7-B4F6-4E99DEFD856A}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EEF38981-F14D-492C-8EF3-A9C5520049AD}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F08932C9-EC46-4424-B4E4-02B97E81769D}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F6653616-08C7-4BB3-A559-A23DBEFDAFF6}
Deleted       HKLM\Software\Classes\METNSD
Deleted       HKLM\Software\Wow6432Node\Jetmedia
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted       HKLM\Software\Wow6432Node\mtPolygen
Deleted       HKLM\Software\foldershare
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86521b53-2c62-4a8e-b935-03d9a519b8fc}|NameServer - "82.163.143.146,82.163.142.148"

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5191 octets] - [09/07/2019 01:45:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

I can get more stuff if required, just help asap.

Link to post
Share on other sites

Hi, Kevin11   :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please provide much more detail about "" these popups. "".   What exactly do you see ?  where ?  how ?  which web browser  ?


We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.