|
Post by jholland1964 on Sept 30, 2017 23:49:10 GMT -5
Let me know when you are ready to quit for the night. I know you are in Indiana and they have 2 time zones. (I'm currently in S.Illinois). Right now it is 12:41 a.m. here. I think you are an hour behind me. I am about ready to head to bed but can wait a bit if you want.

Since AdwCleaner removed so many more malware files another run of MBA-M would be good to do. Very often after running AdwCleaner then MBA-M can again find more files that weren't as visible before the AdwCleaner run. So do another run with MBA-M and of course have it clean.

You also mentioned these earlier: TeamViewer10, IObit uninstaller, Driver Booster 4, Start Menu8, Smart Defrag 5, Win Tonic. Team Viewer is not a bad program but why is she using it? All the rest MUST go for sure. Check for them again and if they are still listed, Remove them. They may already be gone because they all are listed in one or the other of the removal logs.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Sept 30, 2017 23:58:59 GMT -5
"You said there was nothing, where was there nothing?"
Under the 'clean' tab when you open the logs.
Now, should I continue with the "Remove Advance-System Care" instruction from BleepingComputer? When I get thru that, if those other Advance things are still there should I remove them manually?
DICK
|
|
|
Post by jholland1964 on Oct 1, 2017 0:07:19 GMT -5
> "You said there was nothing, where was there nothing?"
> Under the 'clean' tab when you open the logs.
> Now, should I continue with the "Remove Advance-System Care" instruction from BleepingComputer? When I get thru that, if those other Advance things are still there should I remove them manually?
> DICK

If the Clean Button shows then there IS something that needs cleaning. It is NOT a Tab, it is a Button that will show After the scan is complete. If there are no infected files found then you will receive a small box that says nothing was found and the system is clean.

Uh-oh, just noticed something, the AdwCleaner log is the Scan log only, not the Clean log so you did not have the program clean. You need to run it again. Please follow These instructions to the letter:

1. CLOSE ALL other programs you have running....av program, browsers, email programs. Letting those run while clean up tools run slows the clean up immensely AND may not allow full clean up because many, if not most tools, cannot clean an open program. So close all that. Only open a browser window AFTER a tool has been run and used to clean and produces a log. Then open the one window and come back here and post the logs required. Double click AdwCleaner to open it: Hit the SCAN button to have AdwCleaner search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs. Once this search is complete you will see the word “PENDING”; immediately move on to step 2.
2. Next click on the CLEAN button which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed. Copy/paste that log here.

Please NOTE there are TWO steps so be sure to absolutely do BOTH steps before you come back here and post the log.

After seeing the log I will give you the next steps. Also do NOT continue with the instructions from bleeping computer unless I tell you to do so.
|
|
|
Post by acker1 on Oct 1, 2017 0:26:48 GMT -5
Ran it and it again said it could not do the clean. I am trying it again in safe mode.
Never did see the word "pending"
|
|
|
Post by jholland1964 on Oct 1, 2017 0:30:03 GMT -5
> Ran it and it again said it could not do the clean. I am trying it again in safe mode.
> Never did see the word "pending"

Do run it in Safe Mode and follow the directions as given. This new version no longer says "pending"; it will say "Waiting an action" and if there IS something found then the Scan button changes to a Clean button. Hit that button and follow the directions. It WILL give you a box that says "All processes will be closed. Please save your current work, if any" and then it will give you another box telling you that "AdwCleaner must restart the computer to complete the removal process" and then it will restart the computer and the log will pop up on its own when the computer is fully rebooted. Copy/Paste the log here.
|
|
|
Post by acker1 on Oct 1, 2017 0:49:01 GMT -5
The registry log showed up. Never saw the word 'pending'. As soon as I clicked the clean button it shut down AdwCleaner and didn't reboot.
|
|
|
Post by jholland1964 on Oct 1, 2017 0:51:51 GMT -5
> The registry log showed up. Never saw the word 'pending'. As soon as I clicked the clean button it shut down AdwCleaner and didn't reboot.

There is no such thing as a registry log so don't know what you are talking about. If you mean the list of things found it would contain many registry listings of course. Did you reboot it yourself? If not please do so ASAP and post the log. Log files are stored in C:\AdwCleaner\ and the naming format is as follows:

Scan: AdwCleaner[Sxxx].txt
Clean: AdwCleaner[Cxxx].txt

You want the one that says Clean: and has C in the parenthesis with a number or numbers.
|
|
|
Post by acker1 on Oct 1, 2017 0:58:50 GMT -5
Sorry, it was the log that showed registry entries with the other stuff. I did reboot it myself. Log:

# AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 01 05:32:18 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 09-29-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Dave&Toni\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Dave&Toni\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\BoostSoftware
PUP.Optional.Legacy, C:\ProgramData\Application Data\BoostSoftware
PUP.Optional.Legacy, C:\Users\All Users\BoostSoftware
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
Adware.Popups, C:\Users\Dave&Toni\AppData\Roaming\Device
Trojan.FakeAlert, C:\Users\Dave&Toni\AppData\Roaming\serv

***** [ Files ] *****
PUP.Optional.Legacy, C:\Users\All Users\Desktop\Smart Defrag 5.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\Smart Defrag 5.lnk
PUP.Optional.DriverBooster, C:\Users\Dave&Toni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 3.lnk

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
PUP.Optional.Legacy, Driver Booster Scheduler

***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duvmkqu6ebwqz.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dwq4do82y8xi7.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weatherblink.dl.tb.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {468B395C-4970-4D20-AEF6-07603A1C38AA}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18422512-8D37-4CCB-B3C4-A2788EFD6205}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\BoostSoftware
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com

***** [ Firefox (and derivatives) ] *****
PUP.Optional.Legacy, Plugin found: Advanced SystemCare Surfing Protection - IObit

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.

*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [5574 B] - [2017/10/1 5:23:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
|
|
|
Post by jholland1964 on Oct 1, 2017 1:01:33 GMT -5
Wrong log. That is the Scan log. Please look at my post above yours. You want the one that mode Clean.
|
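The scan-versus-clean mix-up in the posts above can be checked mechanically from the "# Mode:" header and the S/C letter in the log's file name. The following is an added example, not part of the original thread and not AdwCleaner's own code; the function names, the shortened sample log (with a placeholder user name) and the choice to single out "Trojan." families are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log posted in the thread
# (shortened, placeholder user name; not the poster's actual file).
SAMPLE_LOG = r"""# AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 01 05:32:18 2017
# Database: 09-29-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\BoostSoftware
Trojan.FakeAlert, C:\Users\example\AppData\Roaming\serv

***** [ Tasks ] *****

PUP.Optional.Legacy, Driver Booster Scheduler

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
"""

# File naming from the thread: Scan = AdwCleaner[Sxxx].txt, Clean = AdwCleaner[Cxxx].txt
NAME_RE = re.compile(r"AdwCleaner\[([SC])(\d+)\]\.txt$", re.IGNORECASE)
MODE_RE = re.compile(r"^#\s*Mode:\s*(\w+)", re.MULTILINE)
EOF_RE = re.compile(r"EOF - (.+?) #")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# A detection line is "<Family>, <detail>", e.g. "Trojan.FakeAlert, C:\...".
ENTRY_RE = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z0-9]+)+), (.+)$")


def mode_from_filename(name):
    """Return 'scan' or 'clean' from the S/C letter in the name, else None."""
    m = NAME_RE.search(name)
    if not m:
        return None
    return "scan" if m.group(1).upper() == "S" else "clean"


def parse_entries(text):
    """Return (section, family, detail) for every detection line in a section."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries.append((section, m.group(1), m.group(2)))
    return entries


def triage(text, filename=None):
    """Summarise a log: which mode it is, and what it lists per family."""
    m = MODE_RE.search(text)
    mode = m.group(1).lower() if m else None
    if filename is None:
        # Fall back to the file name recorded on the log's EOF line.
        eof = EOF_RE.search(text)
        filename = eof.group(1) if eof else None
    name_mode = mode_from_filename(filename) if filename else None
    entries = parse_entries(text)
    return {
        "mode": mode,
        "is_clean_log": mode == "clean",
        # None when either side is unknown, otherwise whether they agree.
        "name_matches_header": (
            None if mode is None or name_mode is None else name_mode == mode
        ),
        "families": Counter(family for _, family, _ in entries),
        # Assumption: "Trojan." families are the ones to read first.
        "trojan_entries": [e for e in entries if e[1].startswith("Trojan.")],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("mode:", summary["mode"], "| clean log:", summary["is_clean_log"])
    for family, count in summary["families"].most_common():
        print(f"{count:3d}  {family}")
```
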
|
|
Post by acker1 on Oct 1, 2017 1:04:13 GMT -5
"AdwCleaner must restart the computer to complete the removal process" This never appeared either.
|
|
|
Post by acker1 on Oct 1, 2017 1:05:48 GMT -5
In the 'log manager' nothing shows under "clean".
|
|
|
Post by jholland1964 on Oct 1, 2017 1:08:26 GMT -5
> "AdwCleaner must restart the computer to complete the removal process" This never appeared either.

That does not always happen. You said it DID shut down the computer. There is obviously something very wrong if this will not clean, even in safe mode.

Let's stop for tonight and begin again tomorrow. I will do some more research and see what I can come up with. Do NOT run any other programs. Do not leave this computer online, turn it all the way off. It is Grossly Infected. Note one of the items found by AdwCleaner: Trojan.FakeAlert. Let me do some checking and I will get back with you tomorrow morning or afternoon, depending on what I can find.
|
|
|
Post by acker1 on Oct 1, 2017 1:12:50 GMT -5
I restarted the puter not the program. It is a good time to take a break. I'll check tomorrow (sun) afternoon.
Many thanks DICK
|
|
|
Post by jholland1964 on Oct 1, 2017 9:37:30 GMT -5
> I restarted the puter not the program. It is a good time to take a break. I'll check tomorrow (sun) afternoon.
> Many thanks DICK

I knew you meant you restarted the computer not the program, that was the correct thing to have done. I am still researching this problem and as soon as I have other suggestions I WILL post back here right away.

Do NOT continue with the Bleepingcomputer instructions at this point. We have to get AdwCleaner either to work or definitely find out why it will not work as it should before even attempting anything else so until then leave the computer turned OFF. I am sure your friend will not be pleased but she has a dangerously infected computer and it definitely should not be used at this point. I will post back in this thread as soon as I have something to post.

Judy
|
|
|
Post by acker1 on Oct 1, 2017 13:37:51 GMT -5
I'm ready when you are!!
|
|
|
Post by jholland1964 on Oct 1, 2017 15:05:38 GMT -5
I have no other answers at this time, I am still researching on what could be causing this problem. You could do this for me; Try in normal mode first please;

Open AdwCleaner once more.
Activate the debug mode (go to Tools > Options > tick "debug") see attached*
Do a scan and a clean to trigger the crash.
Then go to My Computer, double click C drive to open and then navigate to C:\AdwCleaner\AdwCleaner_Debug.log
Come back here with that log.

EDIT: F.Y.I. you are not alone with this problem, quite a few are having it. Post the debug log and by then I "may" have some more information. Also I have to leave for about an hour but I will be back. This is a mystery and those who know me well know that I do love a mystery. Tell your friend to be patient, we'll find the answer.
|
|
|
Post by acker1 on Oct 1, 2017 15:56:29 GMT -5
It stopped cleaning about 1 inch on the green bar. Didn't close this time. Debug LOG:
Process whitelisted - svchost.exe 2017-10-01 15:49:38.240 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.242 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - spoolsv.exe 2017-10-01 15:49:38.243 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.245 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.247 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.249 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.252 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.255 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.258 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.260 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.262 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.264 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing Jhi_service.exe 2017-10-01 15:49:38.268 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing HeciServer.exe 2017-10-01 15:49:38.271 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mfevtps.exe 2017-10-01 15:49:38.275 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SMService.exe 2017-10-01 15:49:38.281 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IUService.exe 2017-10-01 15:49:38.285 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.290 DEBUG [13140] [AdwCleanerSDK::KillProcesses@237] [!] 
OpenProcess - SecurityHealthService.exe 5 2017-10-01 15:49:38.295 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing LiveUpdate.exe 2017-10-01 15:49:38.298 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mfemms.exe 2017-10-01 15:49:38.303 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing PEFService.exe 2017-10-01 15:49:38.307 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.310 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.313 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.317 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.322 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SynTPEnhService.exe 2017-10-01 15:49:38.328 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ModuleCoreService.exe 2017-10-01 15:49:38.335 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing OfficeClickToRun.exe 2017-10-01 15:49:38.339 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.341 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - MBAMService.exe 2017-10-01 15:49:38.345 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.349 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.351 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mfevtps.exe 2017-10-01 15:49:38.355 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.358 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.362 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] 
Process whitelisted - svchost.exe 2017-10-01 15:49:38.365 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.369 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.372 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.376 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.379 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.382 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - sihost.exe 2017-10-01 15:49:38.388 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing PresentationFontCache.exe 2017-10-01 15:49:38.392 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.397 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.398 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - explorer.exe 2017-10-01 15:49:38.403 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ClassicStart.exe 2017-10-01 15:49:38.408 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing wtc.exe 2017-10-01 15:49:38.413 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - taskhostw.exe 2017-10-01 15:49:38.418 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SynTPEnh.exe 2017-10-01 15:49:38.429 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SmartDefrag.exe 2017-10-01 15:49:38.433 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - mbamtray.exe 2017-10-01 15:49:38.438 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing mfefire.exe 2017-10-01 15:49:38.443 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] 
Killing McSvHost.exe 2017-10-01 15:49:38.454 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing igfxEM.exe 2017-10-01 15:49:38.462 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing igfxHK.exe 2017-10-01 15:49:38.462 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.478 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SynTPHelper.exe 2017-10-01 15:49:38.478 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RAVBg64.exe 2017-10-01 15:49:38.478 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing StartMenu_Hook.exe 2017-10-01 15:49:38.493 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - SearchIndexer.exe 2017-10-01 15:49:38.493 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - unsecapp.exe 2017-10-01 15:49:38.493 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ShellExperienceHost.exe 2017-10-01 15:49:38.509 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - WmiPrvSE.exe 2017-10-01 15:49:38.509 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ModuleCoreService.exe 2017-10-01 15:49:38.509 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - conhost.exe 2017-10-01 15:49:38.525 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing RuntimeBroker.exe 2017-10-01 15:49:38.525 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - InstallServices.exe 2017-10-01 15:49:38.525 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing UninstallMonitor.exe 2017-10-01 15:49:38.540 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing CLMLSvc_P2G8.exe 2017-10-01 15:49:38.540 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing McUICnt.exe 2017-10-01 15:49:38.540 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] 
Process whitelisted - svchost.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - smartscreen.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing SettingSyncHost.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing MSASCuiL.exe 2017-10-01 15:49:38.556 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RtkNGUI64.exe 2017-10-01 15:49:38.572 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing MfeAVSvc.exe 2017-10-01 15:49:38.572 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - RAVBg64.exe 2017-10-01 15:49:38.587 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing dllhost.exe 2017-10-01 15:49:38.587 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing ONENOTEM.EXE 2017-10-01 15:49:38.603 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing hpwuschd2.exe 2017-10-01 15:49:38.603 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.603 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - CCleaner64.exe 2017-10-01 15:49:38.618 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IMF.exe 2017-10-01 15:49:38.618 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing McCSPServiceHost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.634 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing mcapexe.exe 2017-10-01 15:49:38.650 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing mfefire.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] 
Process whitelisted - svchost.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - IAStorDataMgrSvc.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - LMS.exe 2017-10-01 15:49:38.665 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.681 DEBUG [13140] [AdwCleanerSDK::KillProcesses@237] [!] OpenProcess - Memory Compression 5 2017-10-01 15:49:38.681 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.681 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing UNS.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - SearchUI.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing CompatTelRunner.exe 2017-10-01 15:49:38.697 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - conhost.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing CompatTelRunner.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing IMFTips.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] Killing WmiApSrv.exe 2017-10-01 15:49:38.712 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.728 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.728 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - svchost.exe 2017-10-01 15:49:38.728 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - WmiPrvSE.exe 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::KillProcesses@241] [!] 
Killing TrustedInstaller.exe 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::KillProcesses@248] [!] Process whitelisted - audiodg.exe 2017-10-01 15:49:38.743 DEBUG [13140] [MainUI::Entry@1681] [!] Got enough permissions. 2017-10-01 15:49:38.743 DEBUG [13140] [MainUI::Entry@1692] [+] Cleaning services. 2017-10-01 15:49:38.743 DEBUG [13140] [MainUI::Entry@1699] [+] Cleaning folders. 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@74] [!] Removing C:\ProgramData\IObit\Advanced SystemCare 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@115] [!] Correctly changed permissions 2017-10-01 15:49:38.743 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@137] [+] Adding C:/ProgramData/IObit/Advanced SystemCare to quarantine. 2017-10-01 15:49:38.868 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@173] Quarantine index recreation... 2017-10-01 15:49:38.884 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@178] 0 2017-10-01 15:49:38.884 DEBUG [13140] [AdwCleanerSDK::Quarantine::Add@203] [!] Success. 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@126] 1 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@70] [!] It's not a directory! C:/ProgramData/Application Data/IObit/Advanced SystemCare 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@70] [!] It's not a directory! C:/Windows/System32/config/systemprofile/AppData/Roaming/IObit/Advanced SystemCare 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::Folders::CleanFolder@74] [!] Removing C:\Program Files (x86)\IObit\Advanced SystemCare 2017-10-01 15:49:38.915 DEBUG [13140] [AdwCleanerSDK::ChangeDirectoryAttribute@1037] [+] Changing folder permissions: 54D1FEFC-58E2-443F-BE95-C49E0FDFFB63 2017-10-01 15:49:38.931 DEBUG [13140] [AdwCleanerSDK::ChangeDirectoryAttribute@1037] [+] Changing folder permissions: amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.14393.953_none_a336699d9b5f0751
|
|
|
Post by jholland1964 on Oct 1, 2017 17:05:14 GMT -5
Thanks. Hopefully I will be back soon with some more information.
Can you please do a brand new Malwarebytes scan and of course have it clean everything. Post back with the new log.
|
|
|
Post by acker1 on Oct 1, 2017 17:48:44 GMT -5
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/1/17
Scan Time: 5:38 PM
Log File: 3944385c-a6f9-11e7-8fed-74867a12633e.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2929
License: Trial

-System Information-
OS: Windows 10 (Build 15063.632)
CPU: x64
File System: NTFS
User: MOTORHOME\Dave&Toni

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373749
Threats Detected: 25
Threats Quarantined: 0 (No malicious items detected)
Time Elapsed: 4 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)

Folder: 11
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_locales\en, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\html\popup, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_metadata, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\js\popup, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_locales, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\newtab, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\html, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\css, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\js, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LMIBDMEEHGGMJLPIAFCBANAAECAGCFMG, No Action By User, [1968], [362981],1.0.2929

File: 14
PUP.Optional.Spigot.Generic, C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LMIBDMEEHGGMJLPIAFCBANAAECAGCFMG\6.0_0\BACKGROUND.JS, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\css\description.css, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\css\popup.css, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\html\popup\description.html, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\html\popup\popup.html, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\js\popup\popup.js, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\js\userNewTab.js, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\newtab\newtab.html, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_locales\en\messages.json, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_metadata\computed_hashes.json, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_metadata\verified_contents.json, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\contentscript.js, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\icon.png, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\manifest.json, No Action By User, [1968], [362981],1.0.2929

Physical Sector: 0 (No malicious items detected)

(end)
|
|
|
Post by jholland1964 on Oct 1, 2017 18:24:09 GMT -5
You Did NOT tell the program to clean as noted by all of the listings in the log, examples:
Folder: 11 - all of them are like this
PUP.Optional.Spigot.Generic, C:\Users\Dave&Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg\6.0_0\_locales\en, No Action By User, [1968], [362981],1.0.2929
File: 14 - all of them are like this
PUP.Optional.Spigot.Generic, C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LMIBDMEEHGGMJLPIAFCBANAAECAGCFMG\6.0_0\BACKGROUND.JS, No Action By User, [1968], [362981],1.0.2929
You DO have to make sure that all items found are marked for quarantine/removal and you did not do this.
Also, BAD news, all of these listings are BRAND NEW. None of them were found in the first scan and none of these are listed in any of the AdwCleaner findings either. So something is very much still at work bringing in malware.
All of the listings also are in CHROME in all of the logs. In the AdwCleaner log there was one listing for Firefox and that was a plug-in for Advanced SystemCare Surfing Protection.
I presume Chrome is her default browser. It is grossly infected. Personally, I would not use it. Every time you use it, it is bringing in more malware.
You need to run Malwarebytes 3 again and this time please have it clean everything found.
Come back and post that log. Make sure that cleaning WAS done.
|
|
|
Post by acker1 on Oct 1, 2017 18:35:44 GMT -5
Sorry, I should have scrolled the results instead of assuming all were like the ones I could see that were checked. Scanning now.
|
|
|
Post by jholland1964 on Oct 1, 2017 18:40:39 GMT -5
"Sorry, I should have scrolled the results instead of assuming all were like the ones I could see that were checked. Scanning now."
None of the findings were checked. If they had been checked, then there would be ones listed in the logs as Quarantined. No entries have that listing; every single finding shows No Action By User.
|
|
|
Post by acker1 on Oct 1, 2017 18:45:45 GMT -5
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/1/17
Scan Time: 6:33 PM
Log File: e4675fdc-a700-11e7-8dac-74867a12633e.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2929
License: Trial

-System Information-
OS: Windows 10 (Build 15063.632)
CPU: x64
File System: NTFS
User: MOTORHOME\Dave&Toni

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373868
Threats Detected: 0 (No malicious items detected)
Threats Quarantined: 0 (No malicious items detected)
Time Elapsed: 4 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)

(end)
|
|
|
Post by jholland1964 on Oct 1, 2017 18:54:05 GMT -5
Did you run two more scans since the one you ran at 5:38 PM? This latest log shows nothing found but the previous one posted had 11 folders and 14 files that all held not cleaned malware. There should be a log showing that all of those items were quarantined. Look in the logs again and be sure that you didn't run the program two more times, because this is extremely odd if you did not do that.
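The two checks made in the replies above (every finding still reading No Action By User, and a later scan that reports nothing although no log records a quarantine) can be run mechanically. This is an added example, not part of the thread or of Malwarebytes itself: the function names, the `example` user name and the `a,b.js` file name are made up, and both sample logs are constructed in the layout of the logs posted here.

```python
import re
from collections import Counter

# Layout of one detection line as it appears in the logs posted in this thread:
#   <name>, <path>, <action>, [<id>], [<id>],<update package version>
# The path group is greedy, so a comma inside a path does not break the split.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,\[\]]+), \[\d+\], \[\d+\],[\d.]+$"
)
SUMMARY = re.compile(r"^Threats (Detected|Quarantined): (\d+)")
SECTION = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|"
    r"Data Stream|Folder|File|Physical Sector): (\d+)"
)


def review_scan(log_text):
    """Summarise one scan log: what was found and what was left in place."""
    summary = {"detected": 0, "quarantined": 0}
    declared, listed, actions = {}, Counter(), Counter()
    pending, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            summary[m.group(1).lower()] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and (m := DETECTION.match(line)):
            listed[section] += 1
            actions[m["action"]] += 1
            if m["action"] != "Quarantined":
                pending.append((section, m["name"], m["path"]))
    return {
        "detected": summary["detected"],
        "quarantined": summary["quarantined"],
        "actions": dict(actions),
        "pending": pending,
        # A section whose header count disagrees with the lines under it
        # points to a truncated or hand-edited paste.
        "count_mismatch": sorted(s for s, n in declared.items() if n != listed[s]),
    }


def vanished_without_record(earlier, later):
    """True when findings left pending in one scan are absent from the next
    scan and that next scan records no quarantine either."""
    return bool(earlier["pending"]) and later["detected"] == 0 and later["quarantined"] == 0


# Constructed samples (shortened; user name and the a,b.js file are made up).
EXT = (r"C:\Users\example\AppData\Local\Google\Chrome\User Data\Default"
       r"\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg")

SCAN_1 = rf"""-Scan Summary-
Threats Detected: 4
Threats Quarantined: 1
-Scan Details-
Process: 0 (No malicious items detected)
Folder: 2
PUP.Optional.Spigot.Generic, {EXT}\6.0_0\js, No Action By User, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, {EXT}, No Action By User, [1968], [362981],1.0.2929
File: 2
PUP.Optional.Spigot.Generic, {EXT}\6.0_0\manifest.json, Quarantined, [1968], [362981],1.0.2929
PUP.Optional.Spigot.Generic, {EXT}\6.0_0\a,b.js, No Action By User, [1968], [362981],1.0.2929
Physical Sector: 0 (No malicious items detected)
(end)
"""

SCAN_2 = """-Scan Summary-
Threats Detected: 0 (No malicious items detected)
Threats Quarantined: 0 (No malicious items detected)
-Scan Details-
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
(end)
"""

if __name__ == "__main__":
    first, second = review_scan(SCAN_1), review_scan(SCAN_2)
    for section, name, path in first["pending"]:
        print(f"NOT CLEANED  {section:<7} {name}  {path}")
    if vanished_without_record(first, second):
        print("Later scan is empty but no quarantine was logged: look for a missing log.")
```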
|
|
|
Post by acker1 on Oct 1, 2017 19:02:58 GMT -5
Only reports from today were 10/1/17 5:38PM & 10/1/17 6:33PM.
That looked weird to me also!
|
|
|
Post by jholland1964 on Oct 1, 2017 19:07:55 GMT -5
"Only reports from today were 10/1/17 5:38PM & 10/1/17 6:33PM. That looked weird to me also!"
Ok, well it may be you hit the show log button before the program did its cleaning.
I now want you to do something else; I would like you to try to run AdwCleaner again, with McAfee turned off but the computer in Normal Mode, Not Safe mode. When you run it and it shows you the items found that need cleaning, uncheck every registry element detected before pushing the Clean button and hopefully the program will finish as it should finish. There were 22 registry elements detected in the previous logs so count and be sure that you have at least that many. If there are now more than that of course take those check marks out too. You don't want ANY check marks in those registry entries before hitting Clean.
Of course the program will reboot the computer in order to complete the cleaning, please allow it to do so. When the computer comes back on a log should pop up. Copy/paste that log here. Keep your fingers crossed.
|
|
|
Post by acker1 on Oct 1, 2017 19:27:10 GMT -5
# AdwCleaner 7.0.3.1 - Logfile created on Mon Oct 02 00:19:26 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: www.malwarebytes.com/support

***** [ Services ] *****
No malicious services deleted.

***** [ Folders ] *****
No malicious folders deleted.

***** [ Files ] *****
No malicious files deleted.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks deleted.

***** [ Registry ] *****
No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.

*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5574 B] - [2017/10/1 5:23:41]
C:/AdwCleaner/AdwCleaner[S1].txt - [5395 B] - [2017/10/1 5:32:18]
C:/AdwCleaner/AdwCleaner[S2].txt - [5708 B] - [2017/10/1 20:49:16]
C:/AdwCleaner/AdwCleaner[S3].txt - [5530 B] - [2017/10/2 0:16:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
|
|
|
Post by jholland1964 on Oct 1, 2017 19:41:52 GMT -5
Well it made it through clean...However; The previous scan logs showed, besides those registry findings, these listings:
Did NONE of these show in this scan??? I ask this because the listings say;
It doesn't say if there were any of these there, like there were in the other scans.
Were the listings I noted in the scan results? If so those SHOULD HAVE had check marks next to them so that they could be cleaned. Only ones that shouldn't have check marks were the registry findings. Please go to C:\AdwCleaner\ and look for the scan log for this run. Post it here.
|
|
|
Post by acker1 on Oct 1, 2017 19:50:55 GMT -5
I think I misunderstood which ones were registry.

# AdwCleaner 7.0.3.1 - Logfile created on Mon Oct 02 00:16:27 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 09-29-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Dave&Toni\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Dave&Toni\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\BoostSoftware
PUP.Optional.Legacy, C:\ProgramData\Application Data\BoostSoftware
PUP.Optional.Legacy, C:\Users\All Users\BoostSoftware
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
Adware.Popups, C:\Users\Dave&Toni\AppData\Roaming\Device
Trojan.FakeAlert, C:\Users\Dave&Toni\AppData\Roaming\serv

***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\All Users\Desktop\Smart Defrag 5.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\Smart Defrag 5.lnk
PUP.Optional.DriverBooster, C:\Users\Dave&Toni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 3.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Driver Booster Scheduler

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\duvmkqu6ebwqz.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dwq4do82y8xi7.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weatherblink.dl.tb.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {468B395C-4970-4D20-AEF6-07603A1C38AA}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18422512-8D37-4CCB-B3C4-A2788EFD6205}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\BoostSoftware
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Advanced SystemCare Surfing Protection - IObit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5574 B] - [2017/10/1 5:23:41]
C:/AdwCleaner/AdwCleaner[S1].txt - [5395 B] - [2017/10/1 5:32:18]
C:/AdwCleaner/AdwCleaner[S2].txt - [5708 B] - [2017/10/1 20:49:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
|
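An added example (not part of the original posts and not Malwarebytes code): a small Python parser for the scan-log layout in the post above. It reads the "# Mode:" header and separates the registry findings from the folder, file and task findings. The sample log is constructed, abridged from entries quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log above (abridged from the thread).
SAMPLE_LOG = r"""# AdwCleaner 7.0.3.1 - Logfile created on Mon Oct 02 00:16:27 2017
# Mode: scan

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
Trojan.FakeAlert, C:\Users\Dave&Toni\AppData\Roaming\serv

***** [ Files ] *****
PUP.Optional.Legacy, C:\Users\Public\Desktop\Smart Defrag 5.lnk

***** [ Tasks ] *****
PUP.Optional.Legacy, Driver Booster Scheduler

***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\BoostSoftware
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")         # ***** [ Name ] *****
FINDING = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z]+)+), (.+)$")  # Detection.Name, target

def parse_scan_log(text):
    """Return (mode, {section: [(detection, target), ...]}) for one log."""
    mode, current, sections = None, None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# Mode:"):
            mode = line.split(":", 1)[1].strip()
        elif (m := SECTION.match(line)):
            current = m.group(1)
            sections[current] = []
        elif current and (m := FINDING.match(line)):
            sections[current].append(m.groups())
    return mode, sections

def split_registry(sections):
    """Separate registry findings from every other section's findings."""
    registry = sections.get("Registry", [])
    other = [(s, d, t) for s, items in sections.items() if s != "Registry" for d, t in items]
    return registry, other

if __name__ == "__main__":
    mode, sections = parse_scan_log(SAMPLE_LOG)
    registry, other = split_registry(sections)
    print(f"mode={mode}: {len(other)} non-registry, {len(registry)} registry findings")
```

A mode of "scan" means the log lists what was found, not what was removed.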
|
Post by acker1 on Oct 1, 2017 19:54:21 GMT -5
Should I do it again?
|
|