# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-04-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-10-2018
# Duration: 00:00:26
# OS: Windows 7 Professional
# Cleaned: 133
# Failed: 0

***** [ Services ] *****

Deleted snare
Deleted GameExplorerUpdate
Deleted Kitty
Deleted WinSAPSvc
Deleted AdvancedSystemCareService10

***** [ Folders ] *****

Deleted C:\Users\Pavel\AppData\Local\snare
Deleted C:\Users\Pavel\AppData\Local\3DM
Deleted C:\Program Files\f09er35s
Deleted C:\Program Files\MK
Deleted C:\Windows\Update\psgo
Deleted C:\Program Files (x86)\Dohat
Deleted C:\Users\Pavel\AppData\Local\Dohat
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Pavel\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Pavel\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Amazon Browser Settings
Deleted C:\Users\Pavel\AppData\Local\Amazon Browser Settings
Deleted C:\ProgramData\DriverAgentPlus
Deleted C:\Users\Pavel\AppData\Roaming\DriverAgentPlus
Deleted C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}
Deleted C:\Users\Pavel\AppData\Roaming\WinSAPSvc
Deleted C:\Program Files (x86)\AlphaGo
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\ProgramData\IObit\ASCDownloader
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\ProgramData\Uniblue
Deleted C:\Users\Pavel\AppData\Roaming\Firefox
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
Deleted C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverAgent Plus.lnk
Deleted C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\heluvsn7.default\searchplugins\ourluckysites.xml
Deleted C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\heluvsn7.default\searchplugins\ask-web-search.xml
Deleted C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
Deleted C:\Windows\System32\log\iSafeKrnlCall.log
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\Users\Public\Documents\temp.dat
Deleted C:\Users\Public\Documents\report.dat

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Windows-PG
Deleted C:\Windows\System32\Tasks\ASC10_SKIPUAC_PAVEL
Deleted C:\Windows\System32\Tasks\ASC10_PerformanceMonitor
Deleted C:\Windows\System32\Tasks\DistromaticUpdater-logon
Deleted C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly
Deleted C:\Windows\System32\Tasks\DistromaticUpdater-periodic
Deleted C:\Windows\System32\Tasks\DistromaticSearchProtect-logon
Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\{84416237-6490-494D-9AD6-4994DD978971}
Deleted HKLM\Software\Wow6432Node\Elex-tech
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARE
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87C26C58-5965-47B2-AA2D-C891C6AA22E9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87C26C58-5965-47B2-AA2D-C891C6AA22E9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-PG
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\snare
Deleted HKLM\Software\Wow6432Node\initialpage123Software
Deleted HKCU\SOFTWARE\5205320FD9D639ADE8F2814F49693C4E
Deleted HKLM\Software\Wow6432Node\5205320FD9D639ADE8F2814F49693C4E
Deleted HKLM\SOFTWARE\5205320FD9D639ADE8F2814F49693C4E
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{974FABE3-3F5A-4F7C-9024-E02D7C08FB86}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{974FABE3-3F5A-4F7C-9024-E02D7C08FB86}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_Pavel
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5AED9E1-0ADB-4CF4-BD47-5A9E4048E672}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_PerformanceMonitor
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|DriverAgentPlusHelper
Deleted HKCU\Software\ESUPPORT.COM\DriverAgent Plus
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent-Plus_is1
Deleted HKCU\Software\csastats
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Advanced SystemCare 10
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1AF73C7-0C82-4D66-829E-16B29FBBF384}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted HKLM\Software\InterSect Alliance
Deleted HKU\S-1-5-18\Software\ecb`nl
Deleted HKU\.DEFAULT\Software\ecb`nl
Deleted HKLM\Software\Wow6432Node\ecb`nl
Deleted HKLM\Software\ecb`nl
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
Deleted HKLM\Software\Wow6432Node\Uniblue
Deleted HKCU\Software\distromatic
Deleted HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|3DM
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|Kitty
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA84D7BB-8AD1-444E-82E1-5A23E7801A70}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E24BBDBC-8F21-4FB6-ADB4-30152D0301BB}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E24BBDBC-8F21-4FB6-ADB4-30152D0301BB}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{784A6A5F-E98F-4044-9446-2C660C3AC230}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{784A6A5F-E98F-4044-9446-2C660C3AC230}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A871D479-EFA1-4AC5-8092-F3A961B45C52}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A5C773-18D8-4E83-A786-A841185ECE83}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe
Deleted HKLM\Software\Wow6432Node\ourluckysitesSoftware

***** [ Chromium (and derivatives) ] *****

Deleted Search App

***** [ Chromium URLs ] *****

Deleted ourluckysites
Deleted http://www.initialpage123.com/?z=864ee0f9930d03d5c327830g4z1t3o0g4m2occfcbo&from=dam&uid=WDCXWD2500YD-01NVB1_WD-WCANK415674956749&type=hp
Deleted http://www.initialpage123.com/?z=864ee0f9930d03d5c327830g4z1t3o0g4m2occfcbo&from=dam&uid=WDCXWD2500YD-01NVB1_WD-WCANK415674956749&type=hp
Deleted initialpage123
Deleted initialpage123
Deleted initialpage123
Deleted initialpage123
Deleted initialpage123
Deleted initialpage123
Deleted initialpage123
Deleted initialpage123

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [13429 octets] - [10/08/2018 20:14:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########