Jump to content

AdwCleaner debug log

PeterJ

By PeterJ
in Malwarebytes AdwCleaner

 Share

Recommended Posts

PeterJ

PeterJ

Posted
Posted

AdwCleaner v6.0.44 keeps finding some registry keys but fails to delete them.
The debug.log shows following: 

2017-03-25 21:35:55 :     <INFO>    [clean] - Progress: 55%
2017-03-25 21:35:55 :     <INFO>    [clean.registry] - Starting registry clean
2017-03-25 21:35:55 :     <INFO>    [clean.registry] - Cleaning registry
2017-03-25 21:35:55 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:57 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:57 :     <INFO>    [clean.registry] - Registry cleaned
2017-03-25 21:35:57 :     <INFO>    [clean.registry] - Stopping registry clean

 

SystemLook.exe can't find the mentioned registry keys.
Any help on this issue please.

 

Link to post
Share on other sites
  • 1 month later...
scuzzyfuzzy

scuzzyfuzzy

Posted
Posted

Hi,

I have a similar problem - AdwCleaner (latest version) finds 6 registry keys, but fails to delete them.

After reboot, there pops up a cmd line window for a second, and the only words I could read are "...can't delete..." or "..can't find...", or something like that, and after a new scan it finds the same thing.

Btw, in the last 2 weeks I tried 8-9 different anti-virus, anti-malware etc. applications, but the problem (malware) is still here...

Thanks :)

AdwCleaner[S7].txt

Link to post
Share on other sites
scuzzyfuzzy

scuzzyfuzzy

Posted
Posted

Hi,

so I did a scan with the newest MB and also ran AdwCleaner again, unfortunately to the same result.

Pls find attached the corresponding logs.

This is what I did:

1. DL & Install MB 3.1

2. Restart

3. Scan with MB3.1 (clean log)

4. Scan with AdwCleaner (same 6 reg keys found, chose to fix)

5. Restart

6. New scan with AdwCleaner (same result, no fix, no restart)

 

Pls let me know if this is perhaps a false alarm (though the fact that MB & eset keep telling me they stop some unusual outgoing traffic makes me believe that there still might be some malware that can't be easily removed)

Tnx :)

MB_ADW_logs.zip

Link to post
Share on other sites
  • Staff
jboursier

jboursier

Posted
  • Staff
Posted

Hello,

Thanks.

 

  • Download FRST

  • Download fixlist.txt file and save it to the Desktop (with the name "fixlist.txt")

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Thanks,

Link to post
Share on other sites
  • Staff
jboursier

jboursier

Posted
  • Staff
Posted

Hello,

Ok, it's better but not sufficient, so we'll begin by the basics:

  • Relaunch frst
  • Right-click on the file -> "Execute as Administrator"
  • Click on the "Scan" button
  • The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
  • Please host them on Up2Share and share the generated link

Thanks,

Link to post
Share on other sites
  • Staff
jboursier

jboursier

Posted
  • Staff
Posted

Hello,

- Do you use MIO GPS?

- Once again:

  • Download fixlist.txt file and save it to the Desktop (with the name "fixlist.txt")

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Thanks,

Link to post
Share on other sites
scuzzyfuzzy

scuzzyfuzzy

Posted
Posted

Hi,

folder removed (though I think it might be just one of those fake folders I've killed by the dozens in the past month since this problem started...)

Also ran MWB, AdwCleaner, etc., logs here -> https://up2sha.re/file?f=ruittwIZ (if it's any help to you)

And yes, those pesky little buggers are still there in the registry... (maybe flying close to the sun would do the trick...?) 

Tnx :)

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.