
Adwcleaner reporting problems in registry - Windows 7


  • This topic is locked
4 replies to this topic

#1 Jandice

Posted 05 July 2014 - 12:42 AM

I'm not the most computer savvy person out there, so I've been struggling a bit with my laptop lately. (It's slowed down, particularly where internet is concerned.) Earlier today I encountered a problem where my laptop seemed to recognize mouse clicks where there were none, no matter how cautious I was to make sure I wasn't accidentally hitting anything. I ran a scan with Norton, which only cleared a few tracking cookies, then tested AdwCleaner, which came up with this:

afMAH1R.png

According to the only person I know who's taken the time to learn anything about computers beyond how to use them for entertainment and Google, I shouldn't mess with anything in my registry. But when I ran a search of those first two items (which looked weird compared to the others) I came up with results about malware that takes bank info.

 

Should I let AdwCleaner take care of it? I don't want to screw up my laptop any further. I've also seen a few posts about malware that comes back easily, so would AdwCleaner be enough?


Edited by Jandice, 05 July 2014 - 03:07 AM.




#2 noknojon

Posted 05 July 2014 - 04:47 AM

Hello, and I hope we can help.

Those items are "generally" accepted as bad minor infections, and can be removed.

Please download these to desktop, and Copy and Paste any logs.

 

First - This is a "basic clean-up" and we will go further depending on your answers.

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes.
 Please Copy / Paste the small log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

* NOW :
* Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
 * Click on the Scan button, only once for a good report
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

You can always Copy and Paste the SCAN log here if you wish -

* Now
 * Click on the Clean button, only once for a good log.
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

 

* A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.

* If any error was made, you can re-install any item from here.

 

 

A similar tool developed by Thisisu.

Please download Junkware Removal Tool by Thisisu

Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it. 

Click on Run to initiate the installation.

To avoid potential conflicts, Temporarily Disable your Antivirus

You may want to be offline when you do this scan.

Run the tool by double-clicking it.

If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and paste this in your next post.



#3 Jandice

Posted 08 July 2014 - 11:07 PM

Alright. Finally worked up the nerve to mess with my computer.

 

From RKill

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/08/2014 08:27:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Users\Anna\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Users\Anna\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ [ZA File]
     * C:\Users\Anna\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\ [ZA Dir]
     * C:\Users\Anna\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\ [ZA Dir]

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/08/2014 08:28:10 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
 

From AdwCleaner

# AdwCleaner v3.215 - Report created 08/07/2014 at 20:46:38
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anna - ATLANDRA
# Running from : C:\Users\Anna\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\l3hvb19y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1798 octets] - [08/01/2014 20:40:35]
AdwCleaner[R10].txt - [1612 octets] - [28/02/2014 03:01:38]
AdwCleaner[R11].txt - [1673 octets] - [28/02/2014 20:28:23]
AdwCleaner[R12].txt - [1794 octets] - [01/03/2014 16:45:39]
AdwCleaner[R13].txt - [1855 octets] - [06/03/2014 17:24:13]
AdwCleaner[R14].txt - [1916 octets] - [13/03/2014 23:20:10]
AdwCleaner[R15].txt - [1977 octets] - [14/03/2014 00:36:49]
AdwCleaner[R16].txt - [2039 octets] - [20/03/2014 21:41:55]
AdwCleaner[R17].txt - [2100 octets] - [22/03/2014 19:02:42]
AdwCleaner[R18].txt - [2219 octets] - [12/04/2014 17:22:44]
AdwCleaner[R19].txt - [2282 octets] - [17/05/2014 18:38:00]
AdwCleaner[R1].txt - [889 octets] - [17/01/2014 23:00:41]
AdwCleaner[R20].txt - [3558 octets] - [04/06/2014 21:55:25]
AdwCleaner[R21].txt - [2464 octets] - [09/06/2014 19:46:32]
AdwCleaner[R22].txt - [3627 octets] - [19/06/2014 23:01:38]
AdwCleaner[R23].txt - [3688 octets] - [02/07/2014 10:50:52]
AdwCleaner[R24].txt - [3749 octets] - [04/07/2014 22:19:39]
AdwCleaner[R25].txt - [3816 octets] - [08/07/2014 20:16:51]
AdwCleaner[R26].txt - [3871 octets] - [08/07/2014 20:45:50]
AdwCleaner[R2].txt - [948 octets] - [17/01/2014 23:14:52]
AdwCleaner[R3].txt - [1007 octets] - [21/01/2014 13:55:14]
AdwCleaner[R4].txt - [1128 octets] - [23/01/2014 16:51:38]
AdwCleaner[R5].txt - [1248 octets] - [24/01/2014 17:27:47]
AdwCleaner[R6].txt - [1368 octets] - [24/01/2014 17:30:54]
AdwCleaner[R7].txt - [1429 octets] - [29/01/2014 09:16:01]
AdwCleaner[R8].txt - [1491 octets] - [22/02/2014 20:57:40]
AdwCleaner[R9].txt - [1551 octets] - [22/02/2014 20:59:46]
AdwCleaner[S0].txt - [1803 octets] - [08/01/2014 20:41:50]
AdwCleaner[S1].txt - [1068 octets] - [21/01/2014 13:57:25]
AdwCleaner[S2].txt - [1190 octets] - [23/01/2014 16:53:34]
AdwCleaner[S3].txt - [1310 octets] - [24/01/2014 17:28:49]
AdwCleaner[S4].txt - [1734 octets] - [28/02/2014 20:29:15]
AdwCleaner[S5].txt - [2160 octets] - [22/03/2014 19:03:24]
AdwCleaner[S6].txt - [3710 octets] - [04/06/2014 21:59:42]
AdwCleaner[S7].txt - [3819 octets] - [08/07/2014 20:46:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [3879 octets] ##########
 

 

It looks like it's gone. Do I need to try Junkware too or was that an either-or thing?



#4 noknojon

Posted 08 July 2014 - 11:28 PM

  * ALERT: ZEROACCESS rootkit symptoms found!

You have done the correct thing -

Please repost this to our Experts area, as this can be serious, and is not handled here.

 

Please follow the instructions in ==>This Guide<== starting at Step 6.

 

Once the proper logs are created, make a NEW TOPIC and post it ==>HERE Malware Removal Area <==

 

Do not run ComboFix or other tools unless under strict direction. Just include the requested logs from above.

Please be sure to include a description of your computer issues and what you have done to try to resolve them.

 

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why along with a description of your computer issues.

 

If you can tell us or leave a link to your new topic, we will lock this one and only the Malware Response Team should reply to your problem.

 

EDIT - Open AdwCleaner and hit Uninstall to remove all items in quarantine, and remove the program....


Edited by noknojon, 08 July 2014 - 11:44 PM.
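
The RKill log in reply #3 reports no malware services, processes or registry issues, and the ZeroAccess alert sits further down under "miscellaneous checks", which is easy to miss when skimming. The following is an added example, not part of the original posts and not BleepingComputer or RKill code: it scans a pasted RKill log and pulls out the lines that call for escalation. The line patterns are assumptions inferred from this single log, and the sample is an excerpt of it.

```python
import re

# Excerpt copied from the RKill 2.6.7 log in reply #3 (trimmed for length).
SAMPLE_LOG = r"""
Checking Registry for malware related settings:
 * No issues found in the Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS rootkit symptoms found!
     * C:\Users\Anna\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Users\Anna\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ [ZA File]
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
"""

# Line shapes inferred from this one log; they are assumptions, not an RKill spec.
SECTION = re.compile(r"^(Checking|Performing|Searching|Resetting)\b")
ALERT = re.compile(r"^\s*\* ALERT: (.+)$")
ARTIFACT = re.compile(r"^\s*\* (.+?) \[(ZA (?:Dir|File))\]\s*$")
HOSTS = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")

def triage(log):
    """Collect the lines of an RKill log that need a human decision."""
    found = {"alerts": [], "artifacts": [], "defender_disabled": False, "hosts": []}
    section = ""
    for line in log.splitlines():
        if SECTION.match(line):
            section = line
        elif m := ALERT.match(line):
            found["alerts"].append(m.group(1))
        elif m := ARTIFACT.match(line):
            found["artifacts"].append((m.group(2), m.group(1)))
        elif "Windows Defender Disabled" in line:
            found["defender_disabled"] = True
        elif section.startswith("Checking HOSTS") and (m := HOSTS.match(line)):
            # Anything other than the stock loopback entry is worth a look.
            if m.groups() != ("127.0.0.1", "localhost"):
                found["hosts"].append(m.groups())
    return found

def needs_escalation(found):
    """True when the log carries an ALERT or rootkit artifact, as in reply #4."""
    return bool(found["alerts"] or found["artifacts"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result, "escalate:", needs_escalation(result))
```
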


#5 hamluis

  • Moderator

Posted 09 July 2014 - 06:49 AM

Reference: http://www.bleepingcomputer.com/forums/t/540349/was-advised-to-post-here-when-rkill-noticed-zeroaccess-rootkit-symptoms/

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





