Jump to content

Recommended Posts

AdwCleaner v6.0.44 keeps finding some registry keys but fails to delete them.
The debug.log shows following:

2017-03-25 21:35:55 :     <INFO>    [clean] - Progress: 55%
2017-03-25 21:35:55 :     <INFO>    [clean.registry] - Starting registry clean
2017-03-25 21:35:55 :     <INFO>    [clean.registry] - Cleaning registry
2017-03-25 21:35:55 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:56 :     <WARN>    [quarantine] - Can't read key, attempting to delete key on reboot [HKLM64\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:57 :     <INFO>    [quarantine] - Added registry element to quarantine database [HKLM64\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC]
2017-03-25 21:35:57 :     <INFO>    [clean.registry] - Registry cleaned
2017-03-25 21:35:57 :     <INFO>    [clean.registry] - Stopping registry clean

 

SystemLook.exe can't find the mentioned registry keys.
Any help on this issue please.

 

Link to post
Share on other sites

  • 1 month later...

Hi,

I have a similar problem - AdwCleaner (latest version) finds 6 registry keys, but fails to delete them.

After reboot, there pops up a cmd line window for a second, and the only words I could read are "...can't delete..." or "..can't find...", or something like that, and after a new scan it finds the same thing.

Btw, in the last 2 weeks I tried 8-9 different anti-virus, anti-malware etc. applications, but the problem (malware) is still here...

Thanks :)

AdwCleaner[S7].txt

Link to post
Share on other sites

Hi,

so I did a scan with the newest MB and also ran AdwCleaner again, unfortunately to the same result.

Pls find attached the corresponding logs.

This is what I did:

1. DL & Install MB 3.1

2. Restart

3. Scan with MB3.1 (clean log)

4. Scan with AdwCleaner (same 6 reg keys found, chose to fix)

5. Restart

6. New scan with AdwCleaner (same result, no fix, no restart)

 

Pls let me know if this is perhaps a false alarm (though the fact that MB & eset keep telling me they stop some unusual outgoing traffic makes me believe that there still might be some malware that can't be easily removed)

Tnx :)

MB_ADW_logs.zip

Link to post
Share on other sites

  • Staff

Hello,

Thanks.

 

  • Download FRST
  • Download fixlist.txt file and save it to the Desktop (with the name "fixlist.txt")

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Thanks,

Link to post
Share on other sites

  • Staff

Hello,

Ok, it's better but not sufficient, so we'll begin by the basics:

  • Relaunch frst
  • Right-click on the file -> "Execute as Administrator"
  • Click on the "Scan" button
  • The logfile is saved as FRST.txt , and additional informations are in Addition.txt.
  • Please host them on Up2Share and share the generated link

Thanks,

Link to post
Share on other sites

  • Staff

Hello,

- Do you use MIO GPS?

- Once again:

  • Download fixlist.txt file and save it to the Desktop (with the name "fixlist.txt")

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Thanks,

Link to post
Share on other sites

Hi,

folder removed (though I think it might be just one of those fake folders I've killed by the dozens in the past month since this problem started...)

Also ran MWB, AdwCleaner, etc., logs here -> https://up2sha.re/file?f=ruittwIZ (if it's any help to you)

And yes, those pesky little buggers are still there in the registry... (maybe flying close to the sun would do the trick...?) 

Tnx :)

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.