Jump to content

Not sure what I'm dealing with (adwCleaner log)


Recommended Posts

I'm not actually certain if I'm infected. I do know that I haven't been able to successfully run either a full system or quick scan with my usual antivirus (Avira) in awhile. Malwarebytes works just fine, but it hasn't detected anything recently. The most troublesome thing with my laptop is the way it freezes up, and I'm forced to hard reboot. I thought it might be a hardware issue, but two days ago I was booted into a temporary user profile. I ended up having to repair a couple corrupted files, then tried to follow up with Microsoft Safety Scanner. The first time I ran this scan, it detected at least 1 problem, but five hours into the scan it suddenly stopped progressing, so I cancelled. After I regained access to my original user profile, I tried to run it a second time. It froze up the same way Avira does whenever I attempt to run a scan.

 

I decided to try adwCleaner to see if maybe it would find anything. I didn't have any problems running it, but it detected more than I expected it to. I'm hesitant to just start tossing things into quarantine without making sure that I'm not accidentally including something that is important. I'd also like to know if there's something else I should do afterwards. Help would be very much appreciated!

 

AdwCleaner[S1].txt

Link to post
Share on other sites

Hello Beryl and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
Link to post
Share on other sites

Hiya Beryl,

There is no obvious malware or infection on your system, there is however evidence of possible damage to your HDD. Event viewer list in Addition.txt log shows the following:
 

Quote

 

Error: (02/27/2017 05:22:32 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/27/2017 05:21:28 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/27/2017 05:20:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/27/2017 05:19:25 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

That may maybe the reason for the freezes....  Run the following see if chkdsk makes any difference..

Select the Windows key and X Key together. From the produced list select::

Command Promt (Admin)

Accept UAC alert...

At the Command prompt, type

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:

  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, (expand the drop  down arrow) check only Wininit and click OK.
  • You mayl be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


Post that log....

Thank you,

Kevin

Link to post
Share on other sites

Yeah, I had wondered if it was something damaged. :( The chkdsk finished running, so these were the results:

 

Thanks!

 

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/1/2017 5:10:37 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Soundwave
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  436736 file records processed.                                                        

File verification completed.
  8766 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  555694 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 678 unused index entries from index $SII of file 0x9.
Cleaning up 678 unused index entries from index $SDH of file 0x9.
Cleaning up 678 unused security descriptors.
Security descriptor verification completed.
  59480 data files processed.                                           

CHKDSK is verifying Usn Journal...
  39325024 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
Read failure with status 0xc000009c at offset 0x187677c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876780000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876781000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876781000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876782000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876782000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876783000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876783000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876784000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876784000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876785000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876785000 for 0x1000 bytes.
Windows replaced bad clusters in file 22706
of name \PROGRA~2\CYBERL~1\LABELP~1\Language\Kor\LPRes.dll.
Read failure with status 0xc000009c at offset 0x18766d1000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18766dc000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766dd000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0x18766dd000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766de000 for 0xb000 bytes.
Read failure with status 0xc000009c at offset 0x18766de000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766df000 for 0xa000 bytes.
Read failure with status 0xc000009c at offset 0x18766df000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e0000 for 0x9000 bytes.
Read failure with status 0xc000009c at offset 0x18766e0000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e1000 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0x18766e1000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e2000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0x18766e4000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e5000 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x18766e5000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e6000 for 0x3000 bytes.
Read failure with status 0xc000009c at offset 0x18766e6000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e7000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0x18766e7000 for 0x1000 bytes.
Windows replaced bad clusters in file 281577
of name \PROGRA~2\WEBZEN\C9\CHARAC~1\chr_npc\GAJDET~1\N10000~1\N10000~1.CFS.
  436720 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  55642219 free clusters processed.                                                       

Free space verification is complete.
Adding 16 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 459987967 KB total disk space.
 236696772 KB in 292692 files.
    202920 KB in 59481 indexes.
        64 KB in bad sectors.
    519335 KB in use by the system.
     65536 KB occupied by the log file.
 222568876 KB available on disk.

      4096 bytes in each allocation unit.
 114996991 total allocation units on disk.
  55642219 allocation units available on disk.

Internal Info:
00 aa 06 00 b8 5f 05 00 d1 aa 09 00 00 00 00 00  ....._..........
9b 03 00 00 36 00 00 00 00 00 00 00 00 00 00 00  ....6...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-03-01T22:10:37.000000000Z" />
    <EventRecordID>316551</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Soundwave</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  436736 file records processed.                                                        

File verification completed.
  8766 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  555694 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 678 unused index entries from index $SII of file 0x9.
Cleaning up 678 unused index entries from index $SDH of file 0x9.
Cleaning up 678 unused security descriptors.
Security descriptor verification completed.
  59480 data files processed.                                           

CHKDSK is verifying Usn Journal...
  39325024 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
Read failure with status 0xc000009c at offset 0x187677c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876780000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876781000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876781000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876782000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876782000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876783000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876783000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876784000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876784000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1876785000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1876785000 for 0x1000 bytes.
Windows replaced bad clusters in file 22706
of name \PROGRA~2\CYBERL~1\LABELP~1\Language\Kor\LPRes.dll.
Read failure with status 0xc000009c at offset 0x18766d1000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x18766dc000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766dd000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0x18766dd000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766de000 for 0xb000 bytes.
Read failure with status 0xc000009c at offset 0x18766de000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766df000 for 0xa000 bytes.
Read failure with status 0xc000009c at offset 0x18766df000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e0000 for 0x9000 bytes.
Read failure with status 0xc000009c at offset 0x18766e0000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e1000 for 0x8000 bytes.
Read failure with status 0xc000009c at offset 0x18766e1000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e2000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0x18766e4000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e5000 for 0x4000 bytes.
Read failure with status 0xc000009c at offset 0x18766e5000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e6000 for 0x3000 bytes.
Read failure with status 0xc000009c at offset 0x18766e6000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x18766e7000 for 0x2000 bytes.
Read failure with status 0xc000009c at offset 0x18766e7000 for 0x1000 bytes.
Windows replaced bad clusters in file 281577
of name \PROGRA~2\WEBZEN\C9\CHARAC~1\chr_npc\GAJDET~1\N10000~1\N10000~1.CFS.
  436720 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  55642219 free clusters processed.                                                       

Free space verification is complete.
Adding 16 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 459987967 KB total disk space.
 236696772 KB in 292692 files.
    202920 KB in 59481 indexes.
        64 KB in bad sectors.
    519335 KB in use by the system.
     65536 KB occupied by the log file.
 222568876 KB available on disk.

      4096 bytes in each allocation unit.
 114996991 total allocation units on disk.
  55642219 allocation units available on disk.

Internal Info:
00 aa 06 00 b8 5f 05 00 d1 aa 09 00 00 00 00 00  ....._..........
9b 03 00 00 36 00 00 00 00 00 00 00 00 00 00 00  ....6...........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

 

Link to post
Share on other sites

I recommend you also run SeaTools HDD diagnostic check to make sure the HDD is fit for purpose....

Go here: https://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics.html and download the ISO, that will need to be burnt to a CD to test your HDD.

The full instructions are also at that link, IMGBurn is suggested to be used to burn the CD, be aware it may come bundled with unwanted extras. I recommend you get the free version of BurnAware from the following link:

http://www.burnaware.com/download.html

Follow the instructions to run that tool here: http://knowledge.seagate.com/articles/en_US/FAQ/201271en#GUI

Post back the findings,

Thank you,

Kevin
Link to post
Share on other sites

I won't be able to run that anytime soon, because I'd need an external cd drive. This laptop as a whole is fairly well-used, though, so I would not be surprised if it's getting worn out. I just wanted to be make sure that there isn't anything malware related. Is there anything on the malware scans that I should clean out? I only ran the scans but I didn't take action with them.

 

Thank you so much for you help! I really appreciate it.

Link to post
Share on other sites

There was no obvious Malware or Infection in the logs posted, I would normally still run an AV scan but it may cause stress to your HD and wreck it altogether. I`d recommend that you back up anything really important just incase the HDD fails in service.... The freezes you mention are an indicator of pending failure....

 

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.