I am helping a friend clean a grossly infected computer. Windows 10. Uses McAfee AV.

He ran Malwarebytes 3 without difficulty and it cleaned with no problem at all. I do have the log if needed but cannot find a way to attach the text file

He then attempted to use AdwCleaner v. 7.0.3.1 but it would not complete cleaning and received a box with notification that a problem had stopped the clean. It produced No log. So he booted to safe mode and ran it again. It ran all the way through the scan, he hit clean, the computer shut down but when it opened no cleaning was done. He tried this twice and gave me the scan logs.

I thought maybe the program had been damaged by one of the infected files so I had him uninstall it and download a brand new copy and try a scan again. Again he received the box informing him of a problem and the program closed. So again he booted to safe mode, scan completed Clean button appeared and he hit clean. Program and computer shut down but again when all rebooted the program did not clean.

I have this log also but no way to attach. I had him run Debug and have that log but again no way to attach.

Here is a copy/paste of the Scan log. All are the same, same malware files found:

 AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 01 04:11:29 2017

# Updated on 2017/29/09 by Malwarebytes

# Database: 09-29-2017.1

# Running on Windows 10 Home (X64)

# Mode: scan

# Support: www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, C:\Users\Dave&Toni\AppData\LocalLow\IObit\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, C:\Users\Dave&Toni\AppData\Roaming\IObit\Advanced SystemCare

PUP.Optional.Legacy, C:\ProgramData\BoostSoftware

PUP.Optional.Legacy, C:\ProgramData\Application Data\BoostSoftware

PUP.Optional.Legacy, C:\Users\All Users\BoostSoftware

PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader

PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader

PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader

Adware.Popups, C:\Users\Dave&Toni\AppData\Roaming\Device

Trojan.FakeAlert, C:\Users\Dave&Toni\AppData\Roaming\serv

***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\All Users\Desktop\Smart Defrag 5.lnk

PUP.Optional.Legacy, C:\Users\Public\Desktop\Smart Defrag 5.lnk

PUP.Optional.DriverBooster, C:\Users\Dave&Toni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 3.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Driver Booster Scheduler

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duvmkqu6ebwqz.cloudfront.net

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dwq4do82y8xi7.cloudfront.net

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weatherblink.dl.tb.ask.com

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com

PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {468B395C-4970-4D20-AEF6-07603A1C38AA}

PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18422512-8D37-4CCB-B3C4-A2788EFD6205}

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\BoostSoftware

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com

PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com

PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com

PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Advanced SystemCare Surfing Protection - IObit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5574 B] - [2017/9/30 21:51:40]

C:/AdwCleaner/AdwCleaner[S1].txt - [5396 B] - [2017/9/30 22:6:15]

C:/AdwCleaner/AdwCleaner[S2].txt - [5709 B] - [2017/10/1 3:14:2]

C:/AdwCleaner/AdwCleaner[S3].txt - [5529 B] - [2017/10/1 4:0:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########

*******************************************************************************************************************************************

Here is copy/paste of Debug log

Debug LOG:

2017-10-01 15:39:51.912 DEBUG [6596] [MainUI::buttonScanClicked@294] Scan button clicked (-31986) 2017-10-01 15:39:51.957 DEBUG [10936] [MainUI::Entry@1277] [+] Checking for update... 2017-10-01 15:39:53.620 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:53.620 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer OK 2017-10-01 15:39:53.621 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:53.622 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer OK 2017-10-01 15:39:55.131 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:55.132 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer NOK 2017-10-01 15:39:55.133 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:55.133 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer NOK 2017-10-01 15:39:56.070 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:56.070 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer NOK 2017-10-01 15:39:56.071 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:56.071 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer NOK 2017-10-01 15:39:57.178 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:57.178 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer NOK 2017-10-01 15:39:57.530 DEBUG [10936] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1 2017-10-01 15:39:57.530 DEBUG [10936] [AdwCleanerSDK::checkCA@289] [!] Issuer NOK 2017-10-01 15:39:57.770 DEBUG [10936] [AdwCleanerSDK::GetVersionServer@393] [+] Last version: 7.0.3.0.1 2017-10-01 15:39:57.770 DEBUG [10936] [MainUI::Entry@1297] [+] Initialize Scan... 2017-10-01 15:39:57.785 DEBUG [10936] [MainUI::Entry@1338] [+] Updating database. 2017-10-01 15:39:59.544 DEBUG [10936] [AdwCleanerSDK::Database::Database::checkUpdate@1250] [+] 1... 2017-10-01 15:39:59.544 DEBUG [10936] [AdwCleanerSDK::Database::Database::checkUpdate@1256] SUCCESS 2017-10-01 15:39:59.545 DEBUG [10936] [AdwCleanerSDK::Database::Database::checkUpdate@1259] [+] Checking for fresh definitions 2017-10-01 15:39:59.709 DEBUG [10936] [AdwCleanerSDK::Database::Database::loadnonce@278] [+] Nonce fresh: 038fb1306bc1bae9 2017-10-01 15:39:59.709 DEBUG [10936] [AdwCleanerSDK::Database::Database::loadnonce@279] [+] Nonce unfresh: 038fb1306bc1bae9 2017-10-01 15:39:59.709 DEBUG [10936] [AdwCleanerSDK::Database::Database::checkUpdate@1266] [!] You already have the latest definitions. 2017-10-01 15:39:59.709 DEBUG [10936] [MainUI::Entry@1388] [+] Doing some magic. 2017-10-01 15:39:59.709 DEBUG [10936] [AdwCleanerSDK::Database::Database::gennonce@1044] [+] DB loading (1) 2017-10-01 15:39:59.709 DEBUG [10936] [AdwCleanerSDK::Database::Database::gennonce@1059] Success 2017-10-01 15:39:59.710 DEBUG [10936] [AdwCleanerSDK::Database::Database::genkey@26] [+] DB loading (2) 2017-10-01 15:39:59.710 DEBUG [10936] [AdwCleanerSDK::Database::Database::genkey@108] Success 2017-10-01 15:39:59.710 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1422] 2 - SUCCESS 2017-10-01 15:39:59.713 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1439] 4 - SUCCESS 2017-10-01 15:39:59.777 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1454] 5 - SUCCESS 2017-10-01 15:39:59.779 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1467] 6 - SUCCESS 2017-10-01 15:39:59.780 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1472] 7... 2017-10-01 15:39:59.835 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1477] 0 2017-10-01 15:39:59.842 DEBUG [10936] [AdwCleanerSDK::Database::Database::decrypt@1502] Magic done. 2017-10-01 15:39:59.842 DEBUG [10936] [AdwCleanerSDK::Database::Database::decompress@1278] [+] Loading the database (4) 2017-10-01 15:39:59.843 DEBUG [10936] [AdwCleanerSDK::Database::Database::LoadHeaderFromJson@1022] 09-29-2017.1 2017-10-01 15:39:59.844 DEBUG [10936] [AdwCleanerSDK::Database::Database::LoadHeaderFromJson@1030] 2293 2017-10-01 15:41:04.999 DEBUG [10936] [MainUI::Entry@1426] [+] Starting scan. 2017-10-01 15:41:05.004 DEBUG [10936] [MainUI::Entry@1430] [+] Scanning for Generics. 2017-10-01 15:41:05.050 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::ProgramFiles@1734] [Heuristics]-1- 2017-10-01 15:41:05.770 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::AppDataCommonDir@1995] [Heuristics]-2- 2017-10-01 15:41:06.136 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::AppDataDir@2091] [Heuristics]-3- 2017-10-01 15:41:06.263 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Installer@2286] [Heuristics]-4- 2017-10-01 15:41:06.513 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Folders@2336] [Heuristics]-5- 2017-10-01 15:41:06.910 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Files@2423] [Heuristics]-6- 2017-10-01 15:41:06.913 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Keys@2617] [Heuristics]-7- 2017-10-01 15:41:07.846 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2798] [Heuristics]-8- 2017-10-01 15:41:07.860 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2804] [Heuristics]-8-1 2017-10-01 15:41:07.902 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2808] [Heuristics]-8-2 2017-10-01 15:41:07.902 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2811] [Heuristics]-8-3 2017-10-01 15:41:07.903 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2814] [Heuristics]-8-4 2017-10-01 15:41:07.903 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2817] [Heuristics]-8-5 2017-10-01 15:41:07.905 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Data@2823] [Heuristics]-8-6 2017-10-01 15:41:07.907 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Value@2979] [Heuristics]-9- 2017-10-01 15:41:07.909 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::TaskName@3003] [Heuristics]-10- 2017-10-01 15:41:07.977 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::TaskContent@3061] [Heuristics]-11- 2017-10-01 15:41:10.651 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::ServicesName@3142] [Heuristics]-12- 2017-10-01 15:41:10.766 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::ServicesContent@3223] [Heuristics]-13- 2017-10-01 15:41:10.987 DEBUG [10936] [AdwCleanerSDK::Generic::Generics::Registry@3355] [Heuristics]-14- 2017-10-01 15:41:11.232 DEBUG [10936] [MainUI::Entry@1458] [+] Scanning for services. 2017-10-01 15:41:23.161 DEBUG [10936] [MainUI::Entry@1479] [+] Scanning for folders. 2017-10-01 15:41:32.404 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\ProgramData\IObit\Advanced SystemCare 2017-10-01 15:41:32.405 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\ProgramData\Application Data\IObit\Advanced SystemCare 2017-10-01 15:41:32.406 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare 2017-10-01 15:41:32.407 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Program Files (x86)\IObit\Advanced SystemCare 2017-10-01 15:41:32.407 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare 2017-10-01 15:41:32.408 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare 2017-10-01 15:41:32.409 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\All Users\IObit\Advanced SystemCare 2017-10-01 15:41:32.418 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\Dave&Toni\AppData\LocalLow\IObit\Advanced SystemCare 2017-10-01 15:41:32.419 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\Dave&Toni\AppData\Roaming\IObit\Advanced SystemCare 2017-10-01 15:41:32.438 DEBUG [10936] [MainUI::Entry@1489] [!] Family PUP.Optional.AdvancedSystemCare |Folders Found: 9 2017-10-01 15:41:55.071 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\ProgramData\BoostSoftware 2017-10-01 15:41:55.072 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\ProgramData\Application Data\BoostSoftware 2017-10-01 15:41:55.075 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\All Users\BoostSoftware 2017-10-01 15:43:10.942 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\ProgramData\IObit\ASCDownloader 2017-10-01 15:43:10.943 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\ProgramData\Application Data\IObit\ASCDownloader 2017-10-01 15:43:10.947 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\All Users\IObit\ASCDownloader 2017-10-01 15:43:13.689 DEBUG [10936] [MainUI::Entry@1489] [!] Family PUP.Optional.Legacy |Folders Found: 6 2017-10-01 15:43:27.516 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\Dave&Toni\AppData\Roaming\Device 2017-10-01 15:43:27.542 DEBUG [10936] [MainUI::Entry@1489] [!] Family Adware.Popups |Folders Found: 1 2017-10-01 15:44:10.259 DEBUG [10936] [AdwCleanerSDK::Folders::ScanFolder@34] [!] Found folder: C:\Users\Dave&Toni\AppData\Roaming\serv 2017-10-01 15:44:10.276 DEBUG [10936] [MainUI::Entry@1489] [!] Family Trojan.FakeAlert |Folders Found: 1 2017-10-01 15:44:23.836 DEBUG [10936] [MainUI::Entry@1498] [+] Scanning for files. 2017-10-01 15:44:54.571 DEBUG [10936] [AdwCleanerSDK::Files::ScanFile@49] [!] Found File (2): C:/Users\All Users\Desktop\Smart Defrag 5.lnk 2017-10-01 15:44:54.572 DEBUG [10936] [AdwCleanerSDK::Files::ScanFile@49] [!] Found File (2): C:/Users\Public\Desktop\Smart Defrag 5.lnk 2017-10-01 15:44:54.575 DEBUG [10936] [MainUI::Entry@1508] [!] Family PUP.Optional.Legacy |Files Found: 2 2017-10-01 15:45:13.239 DEBUG [10936] [AdwCleanerSDK::Files::ScanFile@39] [!] Found File (1): C:\Users\Dave&Toni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 3.lnk 2017-10-01 15:45:13.254 DEBUG [10936] [MainUI::Entry@1508] [!] Family PUP.Optional.DriverBooster |Files Found: 1 2017-10-01 15:45:13.978 DEBUG [10936] [MainUI::Entry@1517] [+] Scanning for DLL. 2017-10-01 15:45:13.978 DEBUG [10936] [MainUI::Entry@1522] [!] WIP. 2017-10-01 15:45:13.978 DEBUG [10936] [MainUI::Entry@1527] [+] Scanning for WMI. 2017-10-01 15:45:14.054 DEBUG [10936] [MainUI::Entry@1545] [+] Scanning for Shortcuts. 2017-10-01 15:45:14.721 DEBUG [10936] [MainUI::Entry@1553] [+] Scanning for Scheduled Tasks. 2017-10-01 15:45:15.522 DEBUG [10936] [AdwCleanerSDK::Tasks::ScanTask@48] [!] Task found (10): Driver Booster Scheduler 2017-10-01 15:45:16.434 DEBUG [10936] [MainUI::Entry@1564] [!] Family PUP.Optional.Legacy |Tasks Found: 1 2017-10-01 15:45:17.164 DEBUG [10936] [MainUI::Entry@1571] [+] Scanning for Registry. 2017-10-01 15:45:17.182 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com 2017-10-01 15:45:17.200 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net 2017-10-01 15:45:17.211 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com 2017-10-01 15:45:17.213 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duvmkqu6ebwqz.cloudfront.net 2017-10-01 15:45:17.213 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dwq4do82y8xi7.cloudfront.net 2017-10-01 15:45:17.309 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com 2017-10-01 15:45:17.336 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weatherblink.dl.tb.ask.com 2017-10-01 15:45:17.344 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com 2017-10-01 15:45:17.381 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com 2017-10-01 15:45:17.405 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com 2017-10-01 15:45:17.405 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com 2017-10-01 15:45:17.428 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com 2017-10-01 15:45:17.429 DEBUG [10936] [AdwCleanerSDK::Registry::ScanDomStorageKeys@400] [!] FOUND (DSK): Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com 2017-10-01 15:45:17.777 DEBUG [10936] [AdwCleanerSDK::Registry::ScanFirewallPoliciesKeys@1264] [!] FOUND (Firewall Policies): SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{468B395C-4970-4D20-AEF6-07603A1C38AA}\v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe|Name=SP_FF| 2017-10-01 15:45:17.778 DEBUG [10936] [AdwCleanerSDK::Registry::ScanFirewallPoliciesKeys@1264] [!] FOUND (Firewall Policies): SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{18422512-8D37-4CCB-B3C4-A2788EFD6205}\v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe|Name=SP_FF| 2017-10-01 15:45:21.162 DEBUG [10936] [AdwCleanerSDK::Registry::ScanSoftware@55] [!] FOUND (Software): SOFTWARE\IOBIT\ASC 2017-10-01 15:45:21.184 DEBUG [10936] [AdwCleanerSDK::Registry::ScanOtherRegElts@2928] [!] FOUND: SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare 2017-10-01 15:45:21.184 DEBUG [10936] [AdwCleanerSDK::Registry::ScanOtherRegElts@2928] [!] FOUND: SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare 2017-10-01 15:45:21.185 DEBUG [10936] [AdwCleanerSDK::Registry::ScanOtherRegElts@2928] [!] FOUND: SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare 2017-10-01 15:45:21.185 DEBUG [10936] [AdwCleanerSDK::Registry::ScanOtherRegElts@2928] [!] FOUND: SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect 2017-10-01 15:45:21.185 DEBUG [10936] [MainUI::Entry@1604] [!] Family PUP.Optional.AdvancedSystemCare |Registry Found: 5 2017-10-01 15:45:40.515 DEBUG [10936] [AdwCleanerSDK::Registry::ScanSoftware@55] [!] FOUND (Software): SOFTWARE\BoostSoftware 2017-10-01 15:46:33.479 DEBUG [10936] [AdwCleanerSDK::Registry::ScanGUID@218] [!] FOUND (GUID): Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} 2017-10-01 15:48:35.958 DEBUG [10936] [MainUI::Entry@1604] [!] Family PUP.Optional.Legacy |Registry Found: 13 2017-10-01 15:48:36.943 DEBUG [10936] [AdwCleanerSDK::Registry::wstringtohive@2988] [!] Malformed hive.HKEY 2017-10-01 15:48:54.493 DEBUG [10936] [MainUI::Entry@1604] [!] Family PUP.Optional.DriverAgent |Registry Found: 4 2017-10-01 15:49:13.814 DEBUG [10936] [MainUI::Entry@1614] [+] Scanning for Web Browsers. 2017-10-01 15:49:13.825 DEBUG [10936] [MainUI::Entry@1617] Firefox based 2017-10-01 15:49:14.393 DEBUG [10936] [AdwCleanerSDK::Firefox::Scan@274] [!] Found Firefox Extension: iobitascsurfingprotection@iobit.comAdvanced SystemCare Surfing Protection 2017-10-01 15:49:14.415 DEBUG [10936] [MainUI::Entry@1624] Chromium based 2017-10-01 15:49:15.161 DEBUG [10936] [MainUI::Entry@1637] [?] - gen. 2017-10-01 15:49:15.993 DEBUG [10936] [MainUI::Entry@1641] [?] - gen 2. 2017-10-01 15:49:16.591 DEBUG [10936] [AdwCleanerSDK::Telemetry::DSE::SendStats@705] 201 2017-10-01 15:49:16.591 DEBUG [10936] [MainUI::Entry@1645] [?] - gen 3. 2017-10-01 15:49:16.591 DEBUG [10936] [MainUI::Entry@1648] [+] Writing logfile... 2017-10-01 15:49:16.591 DEBUG [10936] [MainUI::Entry@1650] [+] Done. 2017-10-01 15:49:17.117 DEBUG [6596] [MainUI::OnThreadUpdate@1846] [+] Generating results... 2017-10-01 15:49:34.223 DEBUG [6596] [MainUI::buttonCleanClicked@316] Clean button clicked (-31986) 2017-10-01 15:49:38.041 DEBUG [6596] [MainUI::buttonCleanClicked@338] [+] Retrieve results... 2017-10-01 15:49:38.089 DEBUG [6596] [MainUI::buttonCleanClicked@516] [+] Results retrieved - cleaning... 2017-10-01 15:49:38.096 DEBUG [13140] [AdwCleanerSDK::KillProcesses@168] [!] Killing processes. 2017-10-01 15:49:38.097 DEBUG [13140] [AdwCleanerSDK::KillProcesses@176] [!] Got enough permissions. 2017-10-01 15:49:38.115 DEBUG [13140] [AdwCleanerSDK::KillProcesses@237] [!] OpenProcess - [System Process] 87 2017-10-01 15:49:38.119 DEBUG [13140] [AdwCleanerSDK::KillProcesses@237] [!] OpenProcess - System 5 2017-10-01 15:49:38.123 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - smss.exe 2017-10-01 15:49:38.124 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - csrss.exe 2017-10-01 15:49:38.124 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - csrss.exe 2017-10-01 15:49:38.126 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - wininit.exe 2017-10-01 15:49:38.128 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - winlogon.exe 2017-10-01 15:49:38.131 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - services.exe 2017-10-01 15:49:38.133 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - lsass.exe 2017-10-01 15:49:38.137 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.140 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.140 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - fontdrvhost.exe 2017-10-01 15:49:38.141 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - fontdrvhost.exe 2017-10-01 15:49:38.143 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.145 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.145 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - dwm.exe 2017-10-01 15:49:38.147 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.149 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.152 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IMFsrv.exe 2017-10-01 15:49:38.156 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.160 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.164 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.167 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.171 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.174 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.178 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.181 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.185 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.189 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.193 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.194 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - dasHost.exe 2017-10-01 15:49:38.196 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.199 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.201 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.203 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.205 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.207 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.210 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing igfxCUIService.exe 2017-10-01 15:49:38.213 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.216 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.219 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.222 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RtkAudioService64.exe 2017-10-01 15:49:38.224 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RAVBg64.exe 2017-10-01 15:49:38.227 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RAVBg64.exe 2017-10-01 15:49:38.229 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.231 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.234 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.238 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.240 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.242 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - spoolsv.exe 2017-10-01 15:49:38.243 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.245 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.247 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.249 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.252 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.255 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.258 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.260 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.262 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.264 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing Jhi_service.exe 2017-10-01 15:49:38.268 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing HeciServer.exe 2017-10-01 15:49:38.271 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mfevtps.exe 2017-10-01 15:49:38.275 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SMService.exe 2017-10-01 15:49:38.281 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IUService.exe 2017-10-01 15:49:38.285 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.290 DEBUG [13140] [AdwCleanerSDK::KillProcesses@237] [!] OpenProcess - SecurityHealthService.exe 5 2017-10-01 15:49:38.295 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing LiveUpdate.exe 2017-10-01 15:49:38.298 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mfemms.exe 2017-10-01 15:49:38.303 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing PEFService.exe 2017-10-01 15:49:38.307 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.310 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.313 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.317 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.322 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SynTPEnhService.exe 2017-10-01 15:49:38.328 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ModuleCoreService.exe 2017-10-01 15:49:38.335 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing OfficeClickToRun.exe 2017-10-01 15:49:38.339 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.341 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - MBAMService.exe 2017-10-01 15:49:38.345 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.349 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.351 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mfevtps.exe 2017-10-01 15:49:38.355 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.358 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.362 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.365 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.369 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.372 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.376 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.379 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.382 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - sihost.exe 2017-10-01 15:49:38.388 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing PresentationFontCache.exe 2017-10-01 15:49:38.392 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.397 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.398 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - explorer.exe 2017-10-01 15:49:38.403 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ClassicStart.exe 2017-10-01 15:49:38.408 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing wtc.exe 2017-10-01 15:49:38.413 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - taskhostw.exe 2017-10-01 15:49:38.418 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SynTPEnh.exe 2017-10-01 15:49:38.429 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SmartDefrag.exe 2017-10-01 15:49:38.433 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mbamtray.exe 2017-10-01 15:49:38.438 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing mfefire.exe 2017-10-01 15:49:38.443 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing McSvHost.exe 2017-10-01 15:49:38.454 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing igfxEM.exe 2017-10-01 15:49:38.462 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing igfxHK.exe 2017-10-01 15:49:38.462 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.478 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SynTPHelper.exe 2017-10-01 15:49:38.478 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RAVBg64.exe 2017-10-01 15:49:38.478 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing StartMenu_Hook.exe 2017-10-01 15:49:38.493 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - SearchIndexer.exe 2017-10-01 15:49:38.493 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - unsecapp.exe 2017-10-01 15:49:38.493 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ShellExperienceHost.exe 2017-10-01 15:49:38.509 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - WmiPrvSE.exe 2017-10-01 15:49:38.509 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ModuleCoreService.exe 2017-10-01 15:49:38.509 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - conhost.exe 2017-10-01 15:49:38.525 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing RuntimeBroker.exe 2017-10-01 15:49:38.525 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - InstallServices.exe 2017-10-01 15:49:38.525 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing UninstallMonitor.exe 2017-10-01 15:49:38.540 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing CLMLSvc_P2G8.exe 2017-10-01 15:49:38.540 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing McUICnt.exe 2017-10-01 15:49:38.540 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - smartscreen.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SettingSyncHost.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing MSASCuiL.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RtkNGUI64.exe 2017-10-01 15:49:38.572 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing MfeAVSvc.exe 2017-10-01 15:49:38.572 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RAVBg64.exe 2017-10-01 15:49:38.587 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing dllhost.exe 2017-10-01 15:49:38.587 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ONENOTEM.EXE 2017-10-01 15:49:38.603 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing hpwuschd2.exe 2017-10-01 15:49:38.603 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.603 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - CCleaner64.exe 2017-10-01 15:49:38.618 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IMF.exe 2017-10-01 15:49:38.618 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing McCSPServiceHost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing mcapexe.exe 2017-10-01 15:49:38.650 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing mfefire.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - IAStorDataMgrSvc.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - LMS.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.681 DEBUG [13140] [AdwCleanerSDK::KillProcesses@237] [!] OpenProcess - Memory Compression 5 2017-10-01 15:49:38.681 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.681 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing UNS.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - SearchUI.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing CompatTelRunner.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - conhost.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing CompatTelRunner.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IMFTips.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing WmiApSrv.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.728 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.728 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.728 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - WmiPrvSE.exe 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing TrustedInstaller.exe 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - audiodg.exe 2017-10-01 15:49:38.743 DEBUG [13140] [MainUI::Entry@1681] [!] Got enough permissions. 2017-10-01 15:49:38.743 DEBUG [13140] [MainUI::Entry@1692] [+] Cleaning services. 2017-10-01 15:49:38.743 DEBUG [13140] [MainUI::Entry@1699] [+] Cleaning folders. 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@74] [!] Removing C:\ProgramData\IObit\Advanced SystemCare 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@115] [!] Correctly changed permissions 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@137] [+] Adding C:/ProgramData/IObit/Advanced SystemCare to quarantine. 2017-10-01 15:49:38.868 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@173] Quarantine index recreation... 2017-10-01 15:49:38.884 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@178] 0 2017-10-01 15:49:38.884 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@203] [!] Success. 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@126] 1 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@70] [!] It's not a directory! C:/ProgramData/Application Data/IObit/Advanced SystemCare 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@70] [!] It's not a directory! C:/Windows/System32/config/systemprofile/AppData/Roaming/IObit/Advanced SystemCare 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@74] [!] Removing C:\Program Files (x86)\IObit\Advanced SystemCare 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::ChangeDirectoryAttribute@1037] [+] Changing folder permissions: 54D1FEFC-58E2-443F-BE95-C49E0FDFFB63 2017-10-01 15:49:38.931 DEBUG [13140] [AdwCleanerSDK::ChangeDirectoryAttribute@1037] [+] Changing folder permissions: amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.14393.953_none_a336699d9b5f0751

Re: Major difficulties with AdwCleaner v. 7.0.3.1

Update:

As per this thread; https://toolslib.net/forum/viewthread/13432-adwcleaner-7031-has-stopped-woring/

I had my friend try this suggestion;

Try to uncheck every registry element detected before pushing the Clean button. Then, it should work as expected.

It did not work. He tried in both normal mode, and received the message that "AdwCleaner stopped working" as soon as he hit clean. So I had him go to safe mode and try again. This time he hit clean and the program closed, the computer shut down but when it rebooted it had not cleaned anything.

The only time the program ran from start to finish as normal is if he removed check marks from EVERYTHING found and hit clean. If then ran as it should, "has to reboot" message as normal. It shut down and rebooted computer, log appeared, it was labeled a Clean log but of course nothing was cleaned.

Re: Major difficulties with AdwCleaner v. 7.0.3.1

Hello,

This time he hit clean and the program closed, the computer shut down but when it rebooted it had not cleaned anything.


notnats, 2017-10-02 03:31:16 (UTC)

Can you please share the cleaning logfile?

Thanks.

Re: Major difficulties with AdwCleaner v. 7.0.3.1

This is the only log available that says clean. This was done when he removed ALL check marks from all items found. Otherwise, when he removed check marks only from the registiry section the program did not go through with clean it just shut down. .

Hello,

This time he hit clean and the program closed, the computer shut down but when it rebooted it had not cleaned anything.


notnats, 2017-10-02 03:31:16 (UTC)

Can you please share the cleaning logfile?

Thanks.


cocochepeau, 2017-10-02 10:19:15 (UTC)

# AdwCleaner 7.0.3.1 - Logfile created on Mon Oct 02 00:19:26 2017 # Updated on 2017/29/09 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5574 B] - [2017/10/1 5:23:41] C:/AdwCleaner/AdwCleaner[S1].txt - [5395 B] - [2017/10/1 5:32:18] C:/AdwCleaner/AdwCleaner[S2].txt - [5708 B] - [2017/10/1 20:49:16] C:/AdwCleaner/AdwCleaner[S3].txt - [5530 B] - [2017/10/2 0:16:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

Re: Major difficulties with AdwCleaner v. 7.0.3.1

No response in TWO days!

It sure would be nice if this could finally be fixed. It appears these problems with AdwCleaner and PUP.Optional.Legacy and PUP.Optional.AdvancedSystemCare  listings have been going on since the release of v. 7 months ago. The reply always seems to be . "Thanks for the details. We'll look into it". or "it will be fixed with the next update"

I for one have been helping to clean a computer for over a week and it shouldn't be returned to the owner because AdwCleaner will not work and the listings are still there, despite continued promises that this will be fixed in the next update.

The owner of the computer is leaving town and needs the computer so now it will be returned to her still infected because AdwCleaner doesn't work and no other program is available to fix it.

I liked AdwCleaner much better before it was sold and maintained by the creator.

Re: Major difficulties with AdwCleaner v. 7.0.3.1

Hello,

Those issues will be fixed with the upcoming 7.1 release.

In the meantime, please try to use Malwarebytes by following this link: https://toolslib.net/downloads/viewdownload/309-malwarebytes/

Let me know how it goes.

Regards.

Re: Major difficulties with AdwCleaner v. 7.0.3.1

We used Malwarebytes 3 several times throughout the nearly a week and had no difficulties whatsoever running the program or having it clean. If you want the logs I have them and can send them to you.