# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 15:44:42 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: AppleNotificationsSrv
Deleted: ANSARE
Deleted: SNAREA
Deleted: terana
Deleted: VNASRE
Deleted: NPASRE
Deleted: CWASRE
Deleted: 3DM
Deleted: CSHMDR
Deleted: snare
Deleted: OtherSearch
Deleted: Kitty
Deleted: HPZebra Service
Deleted: SNAREA
Deleted: 434d24cdac74f54a9304eb257dcbe7f9
Deleted: 774bc071cc61735f703958bbc8d993f2

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Default Company Name
Deleted: C:\Users\sternouille\AppData\Local\ANSARE
Deleted: C:\Users\sternouille\AppData\Local\SNAREA
Deleted: C:\Users\sternouille\AppData\Local\terana
Deleted: C:\Users\sternouille\AppData\Local\VNASRE
Deleted: C:\Users\sternouille\AppData\Local\NPASRE
Deleted: C:\Users\sternouille\AppData\Local\CWASRE
Deleted: C:\Users\sternouille\AppData\Local\3DM
Deleted: C:\Users\sternouille\AppData\Local\CSHMDR
Deleted: C:\Users\sternouille\AppData\Local\snare
Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Users\sternouille\AppData\Roaming\cacaoweb
Deleted: C:\Program Files (x86)\Tencent
Deleted: C:\Program Files (x86)\AlphaGo
Deleted: C:\Program Files (x86)\WeatherInspect
Deleted: C:\Program Files (x86)\HPZebra
Deleted: C:\Users\sternouille\AppData\Local\AdService
Deleted: C:\Users\sternouille\AppData\Roaming\WinSAPSvc
Deleted: C:\Users\sternouille\AppData\Roaming\SSMgre
Deleted: C:\Program Files (x86)\WeatherInspect
Deleted: C:\Users\sternouille\AppData\Local\SNAREA
Deleted: C:\Program Files\774bc071cc61735f703958bbc8d993f2
Deleted: C:\Program Files\37a06bc1ea3c7c11e66f956e177cda15
Deleted: C:\Program Files\543e3415f247d061daa6ff5c0727ac6d
Deleted: C:\Program Files\6dfcb2b565d737bbd71ba703d437d119
Deleted: C:\Program Files (x86)\59103026_jumpeasy

***** [ Files ] *****

Deleted: C:\Users\All Users\Documents\\report.dat
Deleted: C:\Users\Public\Documents\\report.dat
Deleted: C:\Users\All Users\Documents\\temp.dat
Deleted: C:\Users\Public\Documents\\temp.dat
Deleted: C:\END
Deleted: C:\Users\sternouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ScreenShot.lnk
Deleted: C:\Windows\SysNative\drivers\Lace_wpf_x64.sys
Deleted: C:\Users\sternouille\AppData\Local\Temp\BigFarm.lnk
Deleted: C:\Users\sternouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk
Deleted: C:\Users\sternouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BigFarm.lnk
Deleted: C:\Users\sternouille\Desktop\BigFarm.lnk
Deleted: C:\Users\sternouille\AppData\Local\Temp\big_bang_empire.lnk
Deleted: C:\Users\sternouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk
Deleted: C:\Users\sternouille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\big_bang_empire.lnk
Deleted: C:\Users\sternouille\Desktop\big_bang_empire.lnk
Deleted: C:\Users\sternouille\AppData\Local\uninstallce.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Milimili
Deleted: Windows-PG
Deleted: Windows-WoShiBeiYongDe
Deleted: PowerWord-SCT-JT
Deleted: SMW_UpdateTask_Time_333839343232323032372d3437415a556c2a3223346c41

***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|NPASRE
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARE
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKLM\SOFTWARE\InterSect Alliance
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118B6258-BF13-47C9-8D46-B2A349196B5D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7CB7055-EFAE-4CD2-928A-15DB5F4FF7C7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51639FCA-678F-4D71-8044-E16E3D49187F}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C652C0A-EC71-4797-8077-F67649177AB0}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{33E06582-221E-400F-809B-30D3984DB355}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B96B5D3-4A8D-42DC-9CDE-E9B94B3CFE5D}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D976BD4-0B6A-4757-9D2B-65AA20F4B4EA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACCC747B-2A59-4F30-BA7C-D26333DE65F5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6062A33-016E-4BDA-A6F1-890D989F8656}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{63332668-8CE1-445D-A5EE-25929176714E}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{754DF2CE-51E8-4895-B53C-6381418B84AE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted: [Value] - HKU\S-1-5-21-1237048931-779808844-1748554049-1000\Software\Microsoft\Windows\CurrentVersion\Run|ssn
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ssn
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|Kitty
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNAREA
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|ANSARE
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|BIT
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|3DM
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|VNASRE
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|CWASRE
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|CSHMDR
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|terana
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WeatherInspect
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\HPZebra
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPZebra
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup
Deleted: [Key] - HKU\S-1-5-21-1237048931-779808844-1748554049-1000\Software\ssn
Deleted: [Key] - HKCU\Software\ssn
Deleted: [Key] - HKU\S-1-5-21-1237048931-779808844-1748554049-1000\Software\MICROSOFT\wewewe
Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe
Deleted: [Key] - HKLM\SOFTWARE\ScreenShot
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenShot
Deleted: [Key] - HKU\S-1-5-21-1237048931-779808844-1748554049-1000\Software\Microsoft\BigTime
Deleted: [Key] - HKCU\Software\Microsoft\BigTime
Deleted: [Key] - HKLM\SOFTWARE\OtherSearch
Deleted: [Key] - HKLM\SOFTWARE\Applian Technologies
Deleted: [Key] - HKU\S-1-5-21-1237048931-779808844-1748554049-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\119
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\119
Deleted: [Key] - HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\APreSam
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\NSaveA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PWeatherIns
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
Deleted: [Key] - HKU\S-1-5-21-1237048931-779808844-1748554049-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WeatherInspect
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [49992 B] - [2017/2/18 18:17:15]
C:/AdwCleaner/AdwCleaner[C2].txt - [1684 B] - [2017/2/18 18:46:21]
C:/AdwCleaner/AdwCleaner[S0].txt - [50050 B] - [2017/2/17 8:53:4]
C:/AdwCleaner/AdwCleaner[S1].txt - [45728 B] - [2017/2/17 11:55:3]
C:/AdwCleaner/AdwCleaner[S2].txt - [46058 B] - [2017/2/18 9:41:20]
C:/AdwCleaner/AdwCleaner[S3].txt - [46105 B] - [2017/2/18 18:13:44]
C:/AdwCleaner/AdwCleaner[S4].txt - [1824 B] - [2017/2/18 18:41:58]
C:/AdwCleaner/AdwCleaner[S5].txt - [17316 B] - [2017/9/17 15:40:0]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########