Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Trouble Removing These Malware Registry Errors

18 Sep 2014   #1
CactusBomb

Windows 7 Home Premium 64bit
 
 
Trouble Removing These Malware Registry Errors

Hey there,

I've been getting the same message from Malware Bytes for quite some time now. I've gone into the registry and tried removing the entries but they keep showing up. I've searched a bunch of different places with advice on how to remove the errors but have had no luck. MB says "non-malware detected" every time it scans so I go into the log to quarantine and it gets rid of them, but then they show up on the next scan.

Any advice??? Here is the latest log from MB:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 9/18/2014
Scan Time: 9:11:36 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.18.03
Rootkit Database: v2014.09.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346849
Time Elapsed: 6 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 4
PUP.Optional.uTorrenToolBar.A, HKU\S-1-5-21-4088796611-3258344891-1885352423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [3ae1bb34c6b5f73f9b9dabdfcf33ea16],
PUP.Optional.uTorrenToolBar.A, HKU\S-1-5-21-4088796611-3258344891-1885352423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [3ae1bb34c6b5f73f9b9dabdfcf33ea16],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [fb205d92bac168cefc57a6e43ec40df3],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [fb205d92bac168cefc57a6e43ec40df3],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


My System SpecsSystem Spec
.
18 Sep 2014   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Uninstall uTorrent from Programs and features.


Next, download AdwCleaner by Xplode and save to your Desktop.


Step 1.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running
    the tool.


Step 2.
Using AdwCleaner v3: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder


******Post both .txt logs
My System SpecsSystem Spec
18 Sep 2014   #3
CactusBomb

Windows 7 Home Premium 64bit
 
 

Here's the log. Thanks for the quick response!

# AdwCleaner v3.310 - Report created 18/09/2014 at 18:24:12
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wuu5c3vk.default-1407083182543\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [6934 octets] - [03/08/2014 12:30:04]
AdwCleaner[R1].txt - [1270 octets] - [18/09/2014 18:24:12]
AdwCleaner[S0].txt - [7063 octets] - [03/08/2014 12:32:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1390 octets] ##########
My System SpecsSystem Spec
.

19 Sep 2014   #4
CactusBomb

Windows 7 Home Premium 64bit
 
 

And here is what I have after the cleaner.

Just got a scan message from MB stating the registry entries are still there...

# AdwCleaner v3.310 - Report created 18/09/2014 at 18:28:24
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wuu5c3vk.default-1407083182543\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [6934 octets] - [03/08/2014 12:30:04]
AdwCleaner[R1].txt - [1470 octets] - [18/09/2014 18:24:12]
AdwCleaner[S0].txt - [7063 octets] - [03/08/2014 12:32:12]
AdwCleaner[S1].txt - [1401 octets] - [18/09/2014 18:28:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1461 octets] ##########
My System SpecsSystem Spec
19 Sep 2014   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! Manually reboot the machine to ensure a complete clean.


After rebooting, download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
My System SpecsSystem Spec
19 Sep 2014   #6
CactusBomb

Windows 7 Home Premium 64bit
 
 

Ok here's what I have:


Attached Files
File Type: zip Attach.zip (13.1 KB, 0 views)
File Type: txt attach.txt (13.1 KB, 2 views)
File Type: txt dds.txt (20.8 KB, 2 views)
My System SpecsSystem Spec
20 Sep 2014   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Spybot s&d will protect some bad processes that you want to get rid of. Disable it, then download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
My System SpecsSystem Spec
21 Sep 2014   #8
CactusBomb

Windows 7 Home Premium 64bit
 
 

Here's what the log shows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Sun 09/21/2014 at 8:39:36.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4088796611-3258344891-1885352423-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wuu5c3vk.default-1407083182543\minidumps [6 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/21/2014 at 8:47:43.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My System SpecsSystem Spec
21 Sep 2014   #9
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Tell me how you computer is running now.
My System SpecsSystem Spec
Reply

 Trouble Removing These Malware Registry Errors




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
removing batch file from registry
recently I ran Mamu's add icons to system batch file for mame icons. I wasn't satified with the results so I was going to do a system restore. Then I learned system restore was turned off "which I turn off when I defrag then turn back on when completed". Now I can't figuere out how to remove it....
Software
removing malware from mobile phones
Hi all, I have a Windows 7 32-bit machine with an always updated Kaspersky Internet security 2013 AV installed on it. Can I scan my mobile phone (while it's attached to the PC), whether its OS be symbian, android, or ios, and be hopeful that my AV can find and remove the malware on it just like...
System Security
Having trouble removing a pesky driver
I installed the RPG game, The Witcher, onto the hard drive of my Windows 7 Pro notebook. The game runs in XP and Vista but I hoped it would run in Windows 7. Well, it doesn't. So, I uninstalled it. Now, whenever I boot into Win 7, I get this annoying pop-up: ...
Drivers
Trouble Removing XP from Dual Boot Setup
Hello, I would like to remove windows XP from my current dual boot setup and have had a few failed attempts already. My system: - Originally 1 HDD in 3 partitions, primary having XP - Added 2nd HDD in 3 partitions, primary having Win7 I've included an image from Win7 Disk Manager.
Installation & Setup
BSOD Every Boot After Removing Malware
My wife had some malware on her pc today and after removing it with Malwarebytes all the system wants to do now is BSOD typically with a 0x00000007e but has also done a 0x00000007a and a 0x00000096. She can load up into safe mode w/ networking just fine. It wont allow her to do a system restore. ...
BSOD Help and Support
Which antivirus is best at removing malware?
More at: Which antivirus is best at removing malware? | Zero Day | ZDNet.com
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:04.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App