Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdwCleaner Advice


  • Please log in to reply
30 replies to this topic

#1 KrazyMonkey

KrazyMonkey

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 28 November 2016 - 02:33 PM

Hi, i've just used AdwCleaner for the first time and it has found 21 threats.

 

I'm unsure if it's safe to "clean" all of these threats. looking for advice. Thanks

 

 

===============================================================

# AdwCleaner v6.030 - Logfile created 28/11/2016 at 19:25:36
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-28.2 [Server]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : - HOME-PC
# Running from : C:\Users\\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}
Key Found:  HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\PRODUCTSETUP
Key Found:  HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Ascentive
Key Found:  HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\csastats
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\AVG Security Toolbar
Key Found:  HKU\S-1-5-21-3208327182-2709425978-4292038597-1005\Software\AppDataLow\Toolbar
Key Found:  HKCU\Software\PRODUCTSETUP
Key Found:  HKCU\Software\Ascentive
Key Found:  HKCU\Software\csastats
Key Found:  HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found:  HKU\S-1-5-21-3208327182-2709425978-4292038597-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\1npnkaso.default\prefs.js] - "browser.search.defaultenginename" -  "Yahoo! Powered"
Firefox pref Found:  [C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\1npnkaso.default\prefs.js] - "browser.search.selectedEngine" -  "Yahoo! Powered"
Chrome pref Found:  [C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Web data] - www.yahoo.com
Chrome pref Found:  [C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
Chrome pref Found:  [C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com

*************************

\AdwCleaner\AdwCleaner[C1].txt - [2108 Bytes] - [04/09/2015 22:18:52]
\AdwCleaner\AdwCleaner[S1].txt - [2065 Bytes] - [04/09/2015 22:05:19]
\AdwCleaner\AdwCleaner[S2].txt - [2065 Bytes] - [04/09/2015 22:14:06]
\AdwCleaner\AdwCleaner[S3].txt - [3163 Bytes] - [28/11/2016 19:25:36]

########## EOF - \AdwCleaner\AdwCleaner[S3].txt - [3234 Bytes] ##########


Edited by hamluis, 28 November 2016 - 03:13 PM.
Moved from AV/AM Software to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:01:20 AM

Posted 28 November 2016 - 02:36 PM

Looks like it's all good to go :)



#3 KrazyMonkey

KrazyMonkey
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 28 November 2016 - 02:37 PM

clean all?



#4 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:01:20 AM

Posted 28 November 2016 - 03:16 PM

Yes.



#5 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:20 PM

Posted 28 November 2016 - 03:22 PM

Use these programs, too.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 KrazyMonkey

KrazyMonkey
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 28 November 2016 - 03:32 PM

thanks for the advice, will do.

 

I already have Malwarebytes and use it regularly. do you still want a log?



#7 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:20 PM

Posted 28 November 2016 - 03:47 PM

Depends...if it didn't find anything malicious...just adware/ pups...you can skip MBAM.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 KrazyMonkey

KrazyMonkey
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 30 November 2016 - 12:45 PM

Hi, i downloaded the CCleaner, clicking install instead of customize and i seem to have a Arabic version. i wasn't asked to install any toolbars. i think i've managed to uninstall. is it supposed to look like this

 

e8ae4w.jpg



#9 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:20 PM

Posted 30 November 2016 - 01:25 PM

Uninstall that Arabic version. Click on the link again and see if you are offered an English version. You are the first of a few hundred to

have this happen. Did it...during install offer to change language?

 

EDIT: Piriform - Changing the language CCleaner uses  

 

To change the language CCleaner is running in, start CCleaner and click on the Options button at left.

In the Settings window, select the language from the Language drop-down box.

changinglanguage.jpg
The Language setting drop-down box in CCleaner


Edited by buddy215, 30 November 2016 - 01:29 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 KrazyMonkey

KrazyMonkey
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 30 November 2016 - 02:30 PM

Reinstalling CCleaner and noticed i probably changed the language settings like a moron :oopsign:

 

Done CCleaner. deleted 700mb plus of files. should i keep it on the computer, a little pop up from near the tray said it would continue to monitor computer.

 

Could this conflict with things like Avast AntiVirus, Windows Defender or COMODO Firewall that i already have? i also have ATFCleaner

 

on Junkware Removal Tool: there seems to be quite a few horror stories about. do i need to run it?

 

Thanks for your help

 

edit: just checked and it says Windows Defender is switched off, should it be on?


Edited by KrazyMonkey, 30 November 2016 - 03:57 PM.


#11 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:20 PM

Posted 30 November 2016 - 03:05 PM

You can use CCleaner's settings to end the monitoring. But it won't interfere with other programs. It will alert you when you need to run it if you leave it on.

I suggest you run it often...like 2 or 3 times a week.

 

I know of no "horror stories" concern JRT...yes, please run it.

 

Avast would turn off Windows Defender during install to prevent a problem.

 

You mentioned Comodo....it installs adware and an ad intensive browser. So, after completing the JRT scan and posting its log...do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 KrazyMonkey

KrazyMonkey
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 30 November 2016 - 03:58 PM

I don't know if there was a problem with my last post but some of the message wasn't showing for me. stops after the first sentence

 

30vdjee.png

 

Done CCleaner. deleted 700mb plus of files. should i keep it on the computer, a little pop up from near the tray said it would continue to monitor computer.

 

Could this conflict with things like Avast AntiVirus, Windows Defender or COMODO Firewall that i already have? i also have ATFCleaner

 

on Junkware Removal Tool: there seems to be quite a few horror stories about. do i need to run it?

 

Thanks for your help

 

edit: just checked and it says Windows Defender is switched off, should it be on?


Edited by KrazyMonkey, 30 November 2016 - 04:04 PM.


#13 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:20 PM

Posted 30 November 2016 - 04:53 PM

Did you read my last post...#11 ?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 KrazyMonkey

KrazyMonkey
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 30 November 2016 - 06:09 PM

No that had cut off too. i can see both posts now. odd

 

I'll get to what you want me to do.



#15 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:20 PM

Posted 01 December 2016 - 11:07 AM

Concerning the display of your posts.....This was an issue with the SSL upgrade yesterday. It was fixed around 5pm-6pm last night.

All the data existed, was just a display issue. Not an issue with your computer. :)


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users