Results 1 to 6 of 6
  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    164
    Points
    14

    Default Correcting after using Adwcleaner

    Hi all

    I have been following the article about Wisersearch.com and decided
    to run Adwcleaner myself to check out the process.
    I did find a couple of possible irregularities but whilst this is just a test
    for me i haven't made any changes as my PC is running fine.
    My question is: If i make any changes, (uncheck etc) and it proves
    to be the wrong choice what options are open to rectify the situation.
    Can i just do a System Restore or is System Restore also cleaned.

    Looking forward to your advice

    Kind Regards

    Cremora
    Windows XP Professional Version 2002, Service Pack 3 Pentium(R) Dual-Core CPU, E5200 @ 2.50GHz, 2.52GHz, 2.00GB of Ram.Used Space 10.3GB, Free Space 222GB, Capacity 232GB.

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,524
    Points
    563

    Default

    Hi Cremora,

    Sorry for the delay.

    Personally I think it is best to be guided by a someone who is qualified to read the log and determine what should be removed. I don't think System Restore will replace entries that are deleted by accident since the deleted files are moved to a special folder on your C:\ drive, though a qualified helper would be able to point out what is needed or should not be deleted. If you could post the log, I would be more than happy to take a look at it and help you decide what should and should not be removed.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. The Following User Says Thank You to DonnaB For This Useful Post:


  4. #3
    Member
    Join Date
    Jul 2003
    Posts
    164
    Points
    14

    Default

    Hi Donna

    Thanks for your response, I have submitted my report :-

    Kind regards

    Cremora


    # AdwCleaner v3.015 - Report created 14/12/2013 at 08:03:07
    # Updated 10/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Roy - USER
    # Running from : C:\Documents and Settings\Roy\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\yiqejudd.default\searchplugins\SearchResults.xml
    Folder Found C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Found C:\Documents and Settings\Roy\Local Settings\Application Data\PackageAware

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\Software\ImInstaller
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v17.0.4 (en-US)

    [ File : C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\yiqejudd.default\prefs.js ]

    Line Found : user_pref("browser.search.defaultenginename", "Web Search");
    Line Found : user_pref("browser.search.order.1", "Web Search");
    Line Found : user_pref("browser.search.selectedEngine", "Web Search");
    Line Found : user_pref("keyword.URL", "hxxp://search.shareazaweb.com//web?src=ffb&appid=20&systemid=3&sr=0&q=");

    *************************

    AdwCleaner[R0].txt - [2825 octets] - [11/12/2013 16:30:04]
    AdwCleaner[R1].txt - [2745 octets] - [14/12/2013 08:03:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2805 octets] ##########
    Windows XP Professional Version 2002, Service Pack 3 Pentium(R) Dual-Core CPU, E5200 @ 2.50GHz, 2.52GHz, 2.00GB of Ram.Used Space 10.3GB, Free Space 222GB, Capacity 232GB.

  5. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,524
    Points
    563

    Default

    Hi Cremora,

    You're welcome! And thank you for allowing me to view the log.

    The following, in particular, can cause browser redirects and due to it's aggressiveness is classified as a virus that attaches itself to your browser:
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}]
    Line Found : user_pref("keyword.URL", "hxxp://search.shareazaweb.com//web?src=ffb&appid=20&systemid=3&sr=0&q=");


    You can read more about the safety of that site here

    The rest of the entries are no better, which includes toolbars, spyware, adware, PUP's (Potentially Undesirable Programs),etc. I, personally, would remove everything found.


    Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  6. #5
    Member
    Join Date
    Jul 2003
    Posts
    164
    Points
    14

    Default

    Hi Donna

    Thanks again for your time and effort, it is very much appreciated.
    Please see log now after cleaning.

    # AdwCleaner v3.015 - Report created 14/12/2013 at 16:03:32
    # Updated 10/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Roy - USER
    # Running from : C:\Documents and Settings\Roy\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Documents and Settings\Roy\Local Settings\Application Data\PackageAware
    File Deleted : C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\yiqejudd.default\searchplugins\SearchResults.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFC4F59B-A2DA-4E12-B337-52A4F871E10C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}]
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\ImInstaller
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v17.0.4 (en-US)

    [ File : C:\Documents and Settings\Roy\Application Data\Mozilla\Firefox\Profiles\yiqejudd.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
    Line Deleted : user_pref("browser.search.order.1", "Web Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
    Line Deleted : user_pref("keyword.URL", "hxxp://search.shareazaweb.com//web?src=ffb&appid=20&systemid=3&sr=0&q=");

    *************************

    AdwCleaner[R0].txt - [2825 octets] - [11/12/2013 16:30:04]
    AdwCleaner[R1].txt - [2885 octets] - [14/12/2013 08:03:07]
    AdwCleaner[R2].txt - [2945 octets] - [14/12/2013 16:00:33]
    AdwCleaner[S0].txt - [2916 octets] - [14/12/2013 16:03:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2976 octets] #

    I do not have Shareaza installed just the exe file ready for installation, so i will remove them also.
    I will be going away tomorrow for a few weeks but can still read my mail but will not be able to
    make any adjustment etc to the pc concerned.

    I would like to take this opportunity to wish each and every one of you a Merry Xmas
    and a Happy, Healthy & hopefully Prosperous New Year.

    All the very best and thanks again Donna

    Regards

    Cremora
    Windows XP Professional Version 2002, Service Pack 3 Pentium(R) Dual-Core CPU, E5200 @ 2.50GHz, 2.52GHz, 2.00GB of Ram.Used Space 10.3GB, Free Space 222GB, Capacity 232GB.

  7. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,524
    Points
    563

    Default

    Again Cremora, you are very welcome! Truly my pleasure to assist you.

    Shareaza is a P2P program. P2P Programs can invite spyware, viruses, Trojan horses, or worms into your computer. When the files are downloaded, your computer becomes infected. If you share these files with others, their computer becomes infected as well. You also invite the possibilities of others stealing your personal information such as passwords, online banking accounts, personal files, etc.

    Never a good idea to share files with strangers.....

    If you feel the need for further investigation of your system, I'd be more than happy to continue upon your return with a few more scans.

    Have a safe trip and may your Holiday be filled with joy.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"