# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 03:51:07 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: BackupStack
Deleted: SmdmFService
Deleted: MustangService_2015_10_10
Deleted: MustangService_2015_10_10

***** [ Folders ] *****

Deleted: C:\Program Files\PANDORA.TV
Deleted: C:\Program Files\YTDownloader
Deleted: C:\Users\iso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Deleted: C:\Users\iso\AppData\Local\Webplayer
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Program Files\Assets Manager
Deleted: C:\Program Files\AVG Security Toolbar
Deleted: C:\Windows\System32\C2MP
Deleted: C:\Users\iso\AppData\Local\webplayer
Deleted: C:\ProgramData\ShopperPro
Deleted: C:\ProgramData\Application Data\ShopperPro
Deleted: C:\Program Files\ShopperPro
Deleted: C:\Users\All Users\ShopperPro
Deleted: C:\Users\All Users\Documents\ShopperPro
Deleted: C:\Users\Public\Documents\ShopperPro
Deleted: C:\Users\iso\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Deleted: C:\Users\iso\AppData\Roaming\RHEng
Deleted: C:\Users\iso\AppData\Roaming\OpenCandy
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\ProgramData\smdmf
Deleted: C:\ProgramData\Application Data\smdmf
Deleted: C:\Users\All Users\smdmf
Deleted: C:\ProgramData\TempMoudleSet
Deleted: C:\ProgramData\Application Data\TempMoudleSet
Deleted: C:\Users\All Users\TempMoudleSet
Deleted: C:\Users\iso\AppData\Roaming\DRPSu
Deleted: C:\Users\iso\AppData\Roaming\FirefoxToolbar
Deleted: C:\Program Files\Cyti Web
Deleted: C:/Program Files\Cyti Web
Deleted: C:/Program Files\SmartSound Software
Deleted: C:/ProgramData\AppMgr3.16.8591351
Deleted: C:/ProgramData\Avg_Update_0215tb
Deleted: C:/ProgramData\Avg_Update_0814tb
Deleted: C:/ProgramData\Avg_Update_1114tb
Deleted: C:/ProgramData\Avg_Update_1214tb
Deleted: \Downloaded Installers\{760B29F2-8663-419B-A025-5A55066E130B}
Deleted: \Installer\{760B29F2-8663-419B-A025-5A55066E130B}

***** [ Files ] *****

Deleted: C:\Windows\System32\roboot.exe
Deleted: C:\istartsurf.xml
Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Users\iso\AppData\Roaming\Mozilla\Firefox\Profiles\6azgi7cz.default\searchplugins\yahoo-lavasoft.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Yahoo! Search Updater
Deleted: 1114tbUpdateInfo

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\Mail.Ru
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL [http://www.istartsurf.com/?type=hp&ts=1447504014&z=cc7cb996ef5fc5965df16b6g6z1zfmaw9edz3e6gbz&from=cor&uid=hitachixhts725032a9a364_100817pck304gkg4wn4kx]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|IE11UpgradePageShownTime [궨鄯ǒ://www.istartsurf.com/?type=hp&ts=1447504014&z=cc7cb996ef5fc5965df16b6g6z1zfmaw9edz3e6gbz&from=cor&uid=hitachixhts725032a9a364_100817pck304gkg4wn4kx]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL [http://www.istartsurf.com/web/?type=ds&ts=1447504014&z=cc7cb996ef5fc5965df16b6g6z1zfmaw9edz3e6gbz&from=cor&uid=hitachixhts725032a9a364_100817pck304gkg4wn4kx&q={searchTerms}]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL [http://www.istartsurf.com/?type=hp&ts=1447504014&z=cc7cb996ef5fc5965df16b6g6z1zfmaw9edz3e6gbz&from=cor&uid=hitachixhts725032a9a364_100817pck304gkg4wn4kx]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page [http://www.istartsurf.com/web/?type=ds&ts=1447504014&z=cc7cb996ef5fc5965df16b6g6z1zfmaw9edz3e6gbz&from=cor&uid=hitachixhts725032a9a364_100817pck304gkg4wn4kx&q={searchTerms}]
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{26FA36D5-229A-4539-884A-54CDFD498B76}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C4BFB1C-F495-4105-8581-227065493B74}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
Deleted: [Value] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
Deleted: [Value] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Microsoft\Internet Explorer\SearchScopes|DoNotAskAgain
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Video Player
Deleted: [Key] - HKCU\Software\Video Player
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\OB
Deleted: [Key] - HKCU\Software\OB
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\TeleCharger
Deleted: [Key] - HKCU\Software\TeleCharger
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Mozilla\Extends
Deleted: [Key] - HKCU\Software\Mozilla\Extends
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\ICSW1.23
Deleted: [Key] - HKCU\Software\ICSW1.23
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Deleted: [Value] - HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls|x64
Deleted: [Value] - HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls|x64
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls|x64
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\ShopperPro
Deleted: [Key] - HKLM\SOFTWARE\istartsurfSoftware
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{26FA36D5-229A-4539-884A-54CDFD498B76}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3C4BFB1C-F495-4105-8581-227065493B74}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted: [Key] - HKLM\SOFTWARE\SystemK
Deleted: [Key] - HKLM\SOFTWARE\Systemk
Deleted: [Key] - HKLM\SOFTWARE\SmdmF
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\SmdmF
Deleted: [Key] - HKCU\Software\SmdmF
Deleted: [Key] - HKLM\SOFTWARE\ihpmserver
Deleted: [Key] - HKLM\SOFTWARE\RayDld
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
Deleted: [Key] - HKLM\SOFTWARE\YTDownloader
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\YTDownloader
Deleted: [Key] - HKCU\Software\YTDownloader
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\Linkey
Deleted: [Key] - HKCU\Software\Linkey
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-976014490-3346805242-2403212102-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{760B29F2-8663-419B-A025-5A55066E130B}

***** [ Firefox (and derivatives) ] *****

Plugin deleted: deskCut - lightningnewtab.com
Plugin deleted: Shopper-Pro - Goobzo
SearchProvider deleted: http://mysearch.avg.com/search?cid={00BF3BCC-FD7D-409F-AC7D-61211A9EB2B9}&mid=caa3eefb7e6f47d3854eb1a22fba6184-3f15a39653afaeed7e3194fae4c320a666d1bbe3&lang=en&ds=co011&coid=avgtbdisco&cmpid=0814tb&&pr=sa&d=2013-11-08 10:13:10&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms} - AVG Secure Search

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [16766 B] - [2017/7/18 3:48:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########