
hkcu/software/appdatalow/software


  • This topic is locked
3 replies to this topic

#1 Rick605

  • Members
  • 355 posts

Posted 26 May 2014 - 10:41 AM

After downloading Avant, my computer got infected. Running the software below I got rid of most of it, but adwcleaner still shows hkcu/software/appdatalow/software. And even though it says it deletes it, it's still there after restarting.

 

I'm attaching the adwcleaner and Rkill, I also ran ESET from IE, it found it and said it deleted it, but adwcleaner still shows it's there.

 

There was also an icon that said "homegroup" that showed up, but was taken off after restarting from using ESET.

 

# AdwCleaner v3.211 - Report created 25/05/2014 at 23:28:12
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Richard - RICK
# Running from : C:\Users\Richard\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1997 octets] - [23/04/2014 08:51:51]
AdwCleaner[R10].txt - [1720 octets] - [22/05/2014 22:16:52]
AdwCleaner[R11].txt - [1781 octets] - [23/05/2014 21:01:44]
AdwCleaner[R12].txt - [1842 octets] - [24/05/2014 20:29:52]
AdwCleaner[R13].txt - [2026 octets] - [25/05/2014 23:01:10]
AdwCleaner[R14].txt - [2078 octets] - [25/05/2014 23:03:39]
AdwCleaner[R15].txt - [2199 octets] - [25/05/2014 23:11:03]
AdwCleaner[R16].txt - [2320 octets] - [25/05/2014 23:27:35]
AdwCleaner[R1].txt - [1083 octets] - [23/04/2014 14:59:43]
AdwCleaner[R2].txt - [1118 octets] - [04/05/2014 18:59:54]
AdwCleaner[R3].txt - [1238 octets] - [07/05/2014 14:02:09]
AdwCleaner[R4].txt - [1300 octets] - [14/05/2014 18:16:22]
AdwCleaner[R5].txt - [1361 octets] - [17/05/2014 19:52:55]
AdwCleaner[R6].txt - [1921 octets] - [18/05/2014 21:21:15]
AdwCleaner[R7].txt - [1545 octets] - [18/05/2014 21:24:56]
AdwCleaner[R8].txt - [1605 octets] - [18/05/2014 21:50:32]
AdwCleaner[R9].txt - [1659 octets] - [19/05/2014 19:26:08]
AdwCleaner[S0].txt - [2066 octets] - [23/04/2014 08:55:01]
AdwCleaner[S1].txt - [1155 octets] - [23/04/2014 15:00:56]
AdwCleaner[S2].txt - [1180 octets] - [04/05/2014 19:00:36]
AdwCleaner[S3].txt - [1994 octets] - [18/05/2014 21:21:55]
AdwCleaner[S4].txt - [2090 octets] - [25/05/2014 23:01:48]
AdwCleaner[S5].txt - [2140 octets] - [25/05/2014 23:04:24]
AdwCleaner[S6].txt - [2261 octets] - [25/05/2014 23:11:40]
AdwCleaner[S7].txt - [2242 octets] - [25/05/2014 23:28:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2302 octets] ##########

 

 

C:\Users\Richard\Documents\protection\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/26/2014 12:15:38 AM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 05/26/2014 12:15:46 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

 

I restarted and the homegroup icon is gone but adwcleaner still says it's here.

 

# AdwCleaner v3.211 - Report created 26/05/2014 at 00:20:36
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Richard - RICK
# Running from : C:\Users\Richard\Desktop\adwcleaner_3.211.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1997 octets] - [23/04/2014 08:51:51]
AdwCleaner[R10].txt - [1720 octets] - [22/05/2014 22:16:52]
AdwCleaner[R11].txt - [1781 octets] - [23/05/2014 21:01:44]
AdwCleaner[R12].txt - [1842 octets] - [24/05/2014 20:29:52]
AdwCleaner[R13].txt - [2026 octets] - [25/05/2014 23:01:10]
AdwCleaner[R14].txt - [2078 octets] - [25/05/2014 23:03:39]
AdwCleaner[R15].txt - [2199 octets] - [25/05/2014 23:11:03]
AdwCleaner[R16].txt - [2320 octets] - [25/05/2014 23:27:35]
AdwCleaner[R17].txt - [1279 octets] - [26/05/2014 00:20:36]
AdwCleaner[R1].txt - [1083 octets] - [23/04/2014 14:59:43]
AdwCleaner[R2].txt - [1118 octets] - [04/05/2014 18:59:54]
AdwCleaner[R3].txt - [1238 octets] - [07/05/2014 14:02:09]
AdwCleaner[R4].txt - [1300 octets] - [14/05/2014 18:16:22]
AdwCleaner[R5].txt - [1361 octets] - [17/05/2014 19:52:55]
AdwCleaner[R6].txt - [1921 octets] - [18/05/2014 21:21:15]
AdwCleaner[R7].txt - [1545 octets] - [18/05/2014 21:24:56]
AdwCleaner[R8].txt - [1605 octets] - [18/05/2014 21:50:32]
AdwCleaner[R9].txt - [1659 octets] - [19/05/2014 19:26:08]
AdwCleaner[S0].txt - [2066 octets] - [23/04/2014 08:55:01]
AdwCleaner[S1].txt - [1155 octets] - [23/04/2014 15:00:56]
AdwCleaner[S2].txt - [1180 octets] - [04/05/2014 19:00:36]
AdwCleaner[S3].txt - [1994 octets] - [18/05/2014 21:21:55]
AdwCleaner[S4].txt - [2090 octets] - [25/05/2014 23:01:48]
AdwCleaner[S5].txt - [2140 octets] - [25/05/2014 23:04:24]
AdwCleaner[S6].txt - [2261 octets] - [25/05/2014 23:11:40]
AdwCleaner[S7].txt - [2382 octets] - [25/05/2014 23:28:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R17].txt - [2360 octets] ##########



I ran ESET from IE a second time and it found no infections. I've also run superantispyware, malwarebytes and Kaspersky. None of them found any infections.

 


Edited by Rick605, 26 May 2014 - 11:44 AM.




#2 nasdaq

  • Malware Response Team
  • 39,237 posts

Posted 30 May 2014 - 07:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Key Found : HKCU\Software\AppDataLow\Software


The developer is aware of this. The matter should be fixed with the next version.

#3 Rick605

  • Topic Starter

  • Members
  • 355 posts

Posted 30 May 2014 - 08:04 AM

Great, thanks nasdaq. :)



#4 nasdaq

  • Malware Response Team
  • 39,237 posts

Posted 30 May 2014 - 12:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



