Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Adwcleaner and accidentally "cleaned" everything


  • Please log in to reply
13 replies to this topic

#1 jmunjr

jmunjr

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 23 April 2014 - 08:16 PM

Hi I am new here and this is my first post. Thank you for helping.
 
I'm embarassed to say I clicked the "clean" button after doing a scan using ADWcleaner without checking the results. I more or less had forgotten I had done a scan and thought clean was the scan. It seems after I clicked "clean" it did not prompt me to ask if I was sure. I tried to cancel out but nope too late. It even rebooted when I closed the thing.

So this is what was removed:
 
***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\username\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7F259D65-72DF-4DBF-BD69-F102907765E8&apn_ptnrs=TV&apn_sauid=84CD313E-2CC3-43E7-AF7D-269FA9D22BA1&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EAKD%5EOSJ000%5EYY%5EUS&gct=&o=APN10450&tpid=ORJ-V7&itbv=12.0.1.100&doi=2013-07-18&apn_uid=4CD5E9CD-B01B-4469-AF43-80ED4FA6DFA4&apn_ptnrs=AKD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_28.0.1500.72&psv=&trgb=CR&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [5473 octets] - [23/04/2014 18:33:04]
AdwCleaner[S0].txt - [5315 octets] - [23/04/2014 18:50:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5375 octets] ##########

 

Do you see anything of concern? Obviously if I want those AVG features I'll have to reinstall(I don't want them actually). Curious about all those registry keys. I'm worried something was affected in a bad way.

Any insight is appreciated.

 

Thank you



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:06 PM

Posted 23 April 2014 - 08:36 PM

It removed adware....Ask... that AVG renames to mislead you into thinking it is protecting you.

 

Are you experiencing any problem...getting errors, etc.? You should be seeing a change in search results. For the better.

 

EDIT:   Did you purchase this...PackageAware ?


Edited by buddy215, 23 April 2014 - 08:58 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 jmunjr

jmunjr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 23 April 2014 - 09:15 PM

Thanks for your response.

Not my laptop. I set it up for my girlfriend. Been doing this a while but out of the malware removal business for a decade so thoguth I'd ask first. Yeah I know about AVG but I did not install that. She was getting some popup going on and could not figure out from where. I cannot remember the name right now. Malware Bytes said nothing bad so went this route.

It appear to be working ok but my concern is something broken won't show until down the road. I guess I can llok up what each of those registry keys are.

 

I don't know what PackageAware is...

 

Thanks again



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:06 PM

Posted 24 April 2014 - 04:39 AM


About PackageAware for InstallAware
About PackageAware for InstallAware Virtualization

AdwCleaner will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include related registry entries (values, keys).

AVG Security Toolbar and AVG Secure Search (created by the makers of AVG Anti-virus) are optional add-ons when installing their anti-virus product if you choose "Customized" install instead of "Express". Since most folks choose an Express install they usually are not aware these options are also being installed as they are pre-checked by default during installation. Some users have also reported that after AVG auto-updates, it will install the toolbar as a browser add-on without input from the user.

AVG Security Toolbar and AVG Secure Search are also commonly bundled as an option with other free software users may download and install. Many folks overlook that option since it is pre-checked by default and they unknowingly install it. For example, the toolbar is bundled with PDFCreator.

So even if you decline the option to use these add-ons when installing AVG anti-virus, you may still end up finding them on your system some point after an AVG update or by unknowingly downloading and installing another program where they have been bundled. This also explains how those who never used AVG anti-virus also sometimes find AVG Secure Search and the Security Toolbar installed and why AdwCleaner detects and removes it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:06 PM

Posted 24 April 2014 - 05:33 AM

I don't know why PackageAware was on the computer. It may have come from the factory or it could of been purchased.

It has a trial version or free version too, it seems.

 

Is the popup gone?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:06 PM

Posted 24 April 2014 - 06:15 AM

PackageAware is bundled with many legitimate software applications. In fact, the vendor has a Developer Referral Program that offers a referral fee for each developer that introduces InstallAware
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 jmunjr

jmunjr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 24 April 2014 - 01:44 PM

I don't know why PackageAware was on the computer. It may have come from the factory or it could of been purchased.

It has a trial version or free version too, it seems.

 

Is the popup gone?

 

Not sure. I won't get back on the laptop for a day or so.

Thanks everyone for the help.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:06 PM

Posted 24 April 2014 - 04:59 PM

Not a problem.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 anacondon

anacondon

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 30 April 2014 - 02:30 PM

I apologize if I seem to be beating this ol' horse to death but....  I've got a terrifyingly similar scenario to jmunjr.  I repair computers locally and an individual brought his trainwreck (suffocating with malware, etc) laptop to me for general clean-up.  I routinely run certain scans with miraculous results, to include adwcleaner.  With not more than a cursory glance at the adwcleaner results prior to removal, I chose 'clean' and then rebooted and only then realized, after scouring the notepad results, his NCH Software (Express Invoice accounting) was flagged and completely removed.  A system restore brought back the software itself but any & all archival/back-up data has vanished - all five years' worth.  He understandably is near-homicidal and I've got it here again desperately trying to retrieve the data (via various undelete programs & such).  Having uninstalled the application on reboot, obviously the quarantined files went along with it.  Would any clever soul know of a way to retrieve this?  Phoned the appalling NCH tech support - repeatedly - and all I get is voicemails with never a call back.  I'm about ready to change my identity and leave the state over this!!



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:06 PM

Posted 30 April 2014 - 02:43 PM

@ anacondon

If you need assistance, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:06 PM

Posted 30 April 2014 - 02:45 PM

In my opinion, the computer owner deserves more of a kick in the butt than you. I can't imagine having

one set of valuable files stored on one hdd. That is so irresponsible and foolhardy. Having said that, you are being 

way to hard on yourself. His negligence infected the computer, too.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 jmunjr

jmunjr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 30 April 2014 - 02:48 PM

First I agree with the advice to create your own thread. Please post the URL when you do such.

That being said, I'm surprised no data recovery software was able to find anything. What products have you used? Please post this info in your new thread..



#13 anacondon

anacondon

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 30 April 2014 - 03:46 PM

Sorry everyone - sincerely.  I now realize a new thread should have been started.  Please see: 

http://www.bleepingcomputer.com/forums/t/532858/adwcleaner-erased-nch-accounting-software/

 

Thanks for all your comments nonetheless.



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:06 PM

Posted 30 April 2014 - 04:43 PM

Sorry everyone - sincerely.  I now realize a new thread should have been started.  Please see: 
http://www.bleepingcomputer.com/forums/t/532858/adwcleaner-erased-nch-accounting-software/

Your topic has been replied to.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users