Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdwCleaner deleted system required registry entries.


  • Please log in to reply
10 replies to this topic

#1 FunkSpunk

FunkSpunk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 30 November 2014 - 01:54 PM

Hi,
 
I ran a regular check with Adwcleaner and below is the following log after cleanup and restart.
 

 
# AdwCleaner v4.101 - Report created 23/11/2014 at 14:25:45
# Updated 09/11/2014 by Xplode
# Database : 2014-11-22.1 [Live]
# Operating System : Windows 8.1 Pro  (32 bits)
# Username : Spunk - VAIO
# Running from : C:\Users\Spunk\Desktop\adwcleaner_4.101.exe
# Option : Clean


***** [ Services ] *****




***** [ Files / Folders ] *****


Folder Deleted : C:\Users\Spunk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk


***** [ Scheduled Tasks ] *****




***** [ Shortcuts ] *****




***** [ Registry ] *****


Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}


***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.17278




-\\ Mozilla Firefox v32.0.3 (x86 en-US)




-\\ Google Chrome v39.0.2171.65


[C:\Users\Spunk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Spunk\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}


*************************


AdwCleaner[R0].txt - [1554 octets] - [15/05/2014 17:18:42]
AdwCleaner[R1].txt - [862 octets] - [20/05/2014 00:08:46]
AdwCleaner[R2].txt - [921 octets] - [24/05/2014 10:48:28]
AdwCleaner[R3].txt - [1416 octets] - [10/06/2014 23:12:41]
AdwCleaner[R4].txt - [1102 octets] - [06/07/2014 15:10:58]
AdwCleaner[R5].txt - [1913 octets] - [21/09/2014 17:28:48]
AdwCleaner[R6].txt - [2046 octets] - [23/11/2014 14:20:50]
AdwCleaner[S0].txt - [1635 octets] - [15/05/2014 17:24:56]
AdwCleaner[S1].txt - [1489 octets] - [10/06/2014 23:15:39]
AdwCleaner[S2].txt - [1907 octets] - [21/09/2014 17:47:43]
AdwCleaner[S3].txt - [1985 octets] - [23/11/2014 14:25:45]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2045 octets] ##########
 

Now if you see the registry section of the cleanup report, there are 3 CLSID entries which are legit registry keys for .NET framework, and Adwcleaner has deleted them causing every .NET integrated software to stop functioning. Every time you I open an software relying on .NET, it crashes immediately with a crash error like this:
ekpkl3s.png
 
Now I have tried everything from reinstalling .NET all versions to .NET repair tool as well reinstalling all the softwares. Now I don't have the patience to format my Windows, so please some one export these 3 mentioned registry entries, archive them and post it.
 
 
 
 Thanks a ton in advance.

Edited by Queen-Evie, 30 November 2014 - 02:42 PM.
moved from All Other Applications to the appropriate forum


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:54 AM

Posted 30 November 2014 - 04:19 PM

:welcome: to Bleeping Computer.

I can post a note for the developer but you most likely will receive a quicker reply if you ask yourself.

You can ask the developer (Xplode) a question, report an issue or suggestion at his home site: AdwCleaner Feedback <- there is a drop down menu at the top right to "Select language" (English)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:04:54 AM

Posted 30 November 2014 - 08:58 PM

Hello FunkSpunk:

 

Can you affect a successful recovery from AdwCleaner's quarantine?


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:54 PM

Posted 01 December 2014 - 12:48 AM

Generally this is the reply on how to reinstall wanted items

 

To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

You will find TOOLS at the top Left side of the programs face when you open it.

 

Thank You -

Minor edit -


Edited by noknojon, 01 December 2014 - 12:58 AM.


#5 FunkSpunk

FunkSpunk
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 01 December 2014 - 12:56 AM

@quietman7:  will surely post there.

 

@1PW AdwCleaner only quarantines adware infected physical files on the drive and not the registry keys. It deletes everything else permanently. So there's no way to recover them directly.

 

 

I have succesfully restored the registry keys by exporting them from my office desktop. If anyone else is facing the problem please download the registry file from the below mentioned links and open/merge them in to the registry.

 

Mirrors:

http://www61.zippyshare.com/v/11710049/file.html

https://www.sendspace.com/file/71gljq

http://rapidgator.net/file/fdbf222018650a4af695571bbde4fbe0/Restore.reg.html 

http://uploaded.net/file/x2x952ky



#6 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:04:54 AM

Posted 01 December 2014 - 04:19 AM

@1PW AdwCleaner only quarantines adware infected physical files on the drive and not the registry keys. It deletes everything else permanently. So there's no way to recover them directly.


For as long as I've been using Xplode's AdwCleaner, I wasn't aware that the registry keys & values deleted were not quarantined as well. Thank you FunkSpunk for bringing this to light.

If I may close the barn door now that the horse has bolted, I will likely entertain the habit of running Lars Hederer's ERUNT v1.1j just prior to running AdwCleaner.
 
This is done similarly in script files by Thisisu in the execution of the Junkware Removal Tool (JRT) so as to backup all registry hives.
 
Running ERUNT, then immediately followed by AdwCleaner might best be scripted for safety. Would anyone like to write one or mention it to Xplode? Maybe too a manually generated System Restore Point (SRP).


Edited by 1PW, 01 December 2014 - 03:20 PM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:54 AM

Posted 01 December 2014 - 06:35 AM

From its beginning AdwCleaner quarantined files/folders, not products which refers only to CLSID registry keys. The AdwCleaner folder contains sub-folders for Backup and Quarantine. Each of these folders contain sub-folders of the exact location (full path) an entry (file/folder) was removed from so they can be safely restored.

adwcleaner-quar-list.jpg
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 md2lgyk

md2lgyk

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Virginia USA
  • Local time:06:54 AM

Posted 02 December 2014 - 05:27 AM

While some may have apparently had success with ADW Cleaner, I have not.  Running it one time on each hosed both my laptops (one Win 7 and the other Win 8.1).  I'll not ever use it again.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:54 AM

Posted 02 December 2014 - 06:37 AM

What exactly did it do to hose your system?

AdwCleaner like most specialized fix tools is provided as is without warranty of any kind.

Xplode, like many others in the security community volunteer their time and service as well as creating these kind of useful tools for the rest of us to use. They are not wealthy folks or employees of large corporations with a war chest for legal defense.

We are grateful for whatever free work our volunteer Security Developer's can dedicate to creating and updating specialized fix tools that help so many of our members with malware related problems. And while our volunteer Security Developer's welcome feedback and suggestions, we cannot realistically expect them to address every question, make changes or incorporate fixes for every scenario users may encounter. Usually when enough users encounter and have reported a reoccurring issue, our developers do make every attempt to find solutions but that too can take time.

IF you have experienced an issue while using AdwCleaner, you can ask the developer (Xplode) a question, report an issue or suggestion at his home site: AdwCleaner Feedback <- there is a drop down menu at the top right to "Select language" (English)

ADWCleaner Changelog (English) includes Xplode's direct contact/email info: Xplode-ccm@hotmail.fr

I can assure you that Xplode welcomes feedback and reads all suggestions, comments and concerns provided by users. What changes he chooses to make in regards to any issues is up to him as he makes the final decision.

The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 md2lgyk

md2lgyk

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Virginia USA
  • Local time:06:54 AM

Posted 03 December 2014 - 06:12 AM

Don't recall exactly what it did to my Win 8.1 machine, but it took a system restore to fix.  On the Win 7 machine, it caused an issue I have yet to be able to correct - sudden random loss of my internet connection requiring a reboot to reconnect.



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:54 AM

Posted 03 December 2014 - 06:21 AM

Then you should report that to Xplode at his home site: AdwCleaner Feedback ...as noted above.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users