Trouble Removing These Malware Registry Errors


  1. Posts : 14
    Windows 7 Home Premium 64bit
       #1


    Hey there,

    I've been getting the same message from Malwarebytes for quite some time now. I've gone into the registry and tried removing the entries, but they keep showing up. I've searched a bunch of different places with advice on how to remove the errors but have had no luck. MB says "non-malware detected" every time it scans, so I go into the log to quarantine and it gets rid of them, but then they show up on the next scan.

    Any advice??? Here is the latest log from MB:

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 9/18/2014
    Scan Time: 9:11:36 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.18.03
    Rootkit Database: v2014.09.15.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 346849
    Time Elapsed: 6 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 4
    PUP.Optional.uTorrenToolBar.A, HKU\S-1-5-21-4088796611-3258344891-1885352423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [3ae1bb34c6b5f73f9b9dabdfcf33ea16],
    PUP.Optional.uTorrenToolBar.A, HKU\S-1-5-21-4088796611-3258344891-1885352423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [3ae1bb34c6b5f73f9b9dabdfcf33ea16],
    PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [fb205d92bac168cefc57a6e43ec40df3],
    PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [fb205d92bac168cefc57a6e43ec40df3],

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    Uninstall uTorrent from Programs and Features.


    Next, download AdwCleaner by Xplode and save to your Desktop.


    Step 1.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.



    Step 2.
    Using AdwCleaner v3: Scan & Clean:
    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    ******Post both .txt logs


  3. Posts : 14
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    Here's the log. Thanks for the quick response!

    # AdwCleaner v3.310 - Report created 18/09/2014 at 18:24:12
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.1 (x86 en-US)

    [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wuu5c3vk.default-1407083182543\prefs.js ]


    -\\ Google Chrome v37.0.2062.120

    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

    *************************

    AdwCleaner[R0].txt - [6934 octets] - [03/08/2014 12:30:04]
    AdwCleaner[R1].txt - [1270 octets] - [18/09/2014 18:24:12]
    AdwCleaner[S0].txt - [7063 octets] - [03/08/2014 12:32:12]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1390 octets] ##########


  4. Posts : 14
    Windows 7 Home Premium 64bit
    Thread Starter
       #4

    And here is what I have after the cleaner.

    Just got a scan message from MB stating the registry entries are still there...

    # AdwCleaner v3.310 - Report created 18/09/2014 at 18:28:24
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v32.0.1 (x86 en-US)

    [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wuu5c3vk.default-1407083182543\prefs.js ]


    -\\ Google Chrome v37.0.2062.120

    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

    *************************

    AdwCleaner[R0].txt - [6934 octets] - [03/08/2014 12:30:04]
    AdwCleaner[R1].txt - [1470 octets] - [18/09/2014 18:24:12]
    AdwCleaner[S0].txt - [7063 octets] - [03/08/2014 12:32:12]
    AdwCleaner[S1].txt - [1401 octets] - [18/09/2014 18:28:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1461 octets] ##########
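Added example (not part of any post in this thread): a small cross-check of the Malwarebytes detections from post #1 against what the AdwCleaner "Clean" log in post #4 says it deleted, to show which flagged registry targets the cleaner never touched. The function names are hypothetical, and treating the SID below as the account behind HKCU is an assumption.

```python
import re

# Assumption: this SID (it appears in the JRT log in post #8) is the account behind HKCU.
USER_SID = "S-1-5-21-4088796611-3258344891-1885352423-1000"

# Copied from the Malwarebytes log in post #1 ("Registry Values" section).
MBAM = [
    r"PUP.Optional.uTorrenToolBar.A, HKU\S-1-5-21-4088796611-3258344891-1885352423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [3ae1bb34c6b5f73f9b9dabdfcf33ea16],",
    r"PUP.Optional.uTorrenToolBar.A, HKU\S-1-5-21-4088796611-3258344891-1885352423-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [3ae1bb34c6b5f73f9b9dabdfcf33ea16],",
    r"PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [fb205d92bac168cefc57a6e43ec40df3],",
    r"PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [fb205d92bac168cefc57a6e43ec40df3],",
]
# Copied from the AdwCleaner "Clean" log in post #4.
ADW = [
    r"Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck",
    r"Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]",
]
ADW_RE = re.compile(r"^(?:Key|Value) (?:Found|Deleted) : (.+?)(?: \[(.+)\])?$")

def norm_key(key):
    """Upper-case the key and expand HKCU to HKU\\<SID> so hives compare directly."""
    key = key.strip().upper()
    return "HKU\\" + USER_SID + key[4:] if key.startswith("HKCU\\") else key

def parse_mbam(line):
    """(detection, key, value name) from a Malwarebytes 'Registry Values' line."""
    name, target = (p.strip() for p in line.split(",")[:2])
    # The log lists each value twice: KEY\{name} and KEY|{name}.
    key, value = target.split("|", 1) if "|" in target else target.rsplit("\\", 1)
    return name, norm_key(key), value.upper()

def parse_adw(line):
    """(key, value name or '') from an AdwCleaner 'Key/Value Found|Deleted' line."""
    key, value = ADW_RE.match(line.strip()).groups()
    return norm_key(key), (value or "").upper()

def unresolved(mbam_lines, adw_lines):
    """Flagged (detection, key, value) targets the cleaner's log does not mention."""
    cleaned = {parse_adw(l) for l in adw_lines}
    flagged = {parse_mbam(l) for l in mbam_lines}  # set drops the \ vs | duplicates
    return sorted(f for f in flagged if f[1:] not in cleaned)

def cleaned_under_other_key(mbam_lines, adw_lines):
    """Value names the cleaner removed under one key but the scanner flags under another."""
    removed = {v for _, v in map(parse_adw, adw_lines) if v}
    return sorted({v for _, _, v in unresolved(mbam_lines, adw_lines) if v in removed})

if __name__ == "__main__":
    for row in unresolved(MBAM, ADW): print(row)
    print(cleaned_under_other_key(MBAM, ADW))
```

On these two logs both detections come back unresolved: the cleaner deleted the `{BF7380FA-...}` toolbar value under HKCU, while the scanner flags the same value name under a differently named HKU hive, and the WOW6432Node toolbar value does not appear in the cleaner's log at all.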


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum) and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

    Important! Manually reboot the machine to ensure a complete clean.


    After rebooting, download DDS from one of these links:
    DDS.com
    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.


    Include the contents of both logs in your next post.
    The scan will instruct you to post Attach.txt as an attachment.


  6. Posts : 14
    Windows 7 Home Premium 64bit
    Thread Starter
       #6

    Ok here's what I have:
    Attached Files


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    Spybot S&D will protect some bad processes that you want to get rid of. Disable it, then download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


  8. Posts : 14
    Windows 7 Home Premium 64bit
    Thread Starter
       #8

    Here's what the log shows:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.9 (09.20.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by User on Sun 09/21/2014 at 8:39:36.81
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4088796611-3258344891-1885352423-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wuu5c3vk.default-1407083182543\minidumps [6 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/21/2014 at 8:47:43.68
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #9

    Tell me how your computer is running now.

