# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 29 09:05:21 2017 # Updated on 2017/21/12 by Malwarebytes # Running on Windows 7 Professional (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: AppleNotificationsSrv Deleted: glory Deleted: CSHMDR Deleted: iSafeService Deleted: TMService Deleted: TMCheckVersion Deleted: pgt_svc Deleted: NetUtils2016srv Deleted: BIT Deleted: Kitty Deleted: 727e14596581e16b053daf7e98d13948 Deleted: 98ac82ef4517b63d3a7b9d6c55ea5fda Deleted: b22c74fadda839ed00548ea83840e1b7 ***** [ Folders ] ***** Deleted: C:\Program Files (x86)\Default Company Name Deleted: C:\Program Files (x86)\Elex-tech Deleted: C:\Users\BOB\AppData\Roaming\Elex-tech Deleted: C:\Reimward Deleted: C:\Users\BOB\AppData\Roaming\SNARER Deleted: C:\Users\BOB\AppData\Local\SNAREA Deleted: C:\Users\BOB\AppData\Local\terana Deleted: C:\Users\BOB\AppData\Local\VNASRE Deleted: C:\Pipisy Deleted: C:\Users\BOB\AppData\Local\NPASRE Deleted: C:\Reerdition Deleted: C:\Users\BOB\AppData\Local\CWASRE Deleted: C:\Users\BOB\AppData\Local\CSHMDR Deleted: C:\Users\BOB\AppData\Local\snare Deleted: C:\Program Files (x86)\Fanlook Deleted: C:\Users\BOB\AppData\Local\Fanlook Deleted: C:\ProgramData\BSD\DriverHive Deleted: C:\ProgramData\Application Data\BSD\DriverHive Deleted: C:\Windows\System32\\SSL Deleted: C:\Windows\SysWOW64\\SSL Deleted: C:\Users\BOB\AppData\Roaming\\Firefox Deleted: C:\Windows\System32\\sstmp Deleted: C:\Windows\SysWOW64\\sstmp Deleted: C:\Users\BOB\AppData\Roaming\cacaoweb Deleted: C:\Users\BOB\AppData\Roaming\GoldenGate Deleted: C:\Users\BOB\AppData\Roaming\imminent Deleted: C:\ProgramData\lavasoft\web companion Deleted: C:\ProgramData\Application Data\lavasoft\web companion Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent Deleted: C:\ProgramData\BSD\DriverHiveEngine Deleted: C:\ProgramData\Application Data\BSD\DriverHiveEngine Deleted: C:\Users\BOB\AppData\Roaming\aMule Deleted: C:\ProgramData\vCore Deleted: C:\ProgramData\Application Data\vCore Deleted: C:\Users\BOB\AppData\Local\AdvinstAnalytics Deleted: C:\Users\BOB\AppData\Local\MicrosoftHelper Deleted: C:\Users\BOB\AppData\Local\MicrosoftUpdater Deleted: C:\Users\BOB\AppData\Local\WANARE Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM Deleted: C:\Program Files (x86)\WindowsTM Deleted: C:\Users\Public\Documents\XMUpdate Deleted: C:\Program Files (x86)\AlphaGo Deleted: C:\Terward Deleted: C:\ProgramData\Plusdax Deleted: C:\ProgramData\Application Data\Plusdax Deleted: C:\ProgramData\Logic Cramble Deleted: C:\ProgramData\Application Data\Logic Cramble Deleted: C:\ProgramData\PrefsSecure Deleted: C:\ProgramData\Application Data\PrefsSecure Deleted: C:\ProgramData\Plusdax Deleted: C:\ProgramData\Application Data\Plusdax Deleted: C:\Users\BOB\AppData\Local\AppTrailers Deleted: C:\Program Files\jetstrmedia Deleted: C:\Program Files (x86)\OneSystemCare Deleted: C:\Users\BOB\AppData\Roaming\BROWSERMODULE Deleted: C:\Program Files (x86)\ProxyGate Deleted: C:\Program Files (x86)\Eastness Deleted: C:\Users\BOB\AppData\Local\Eastness Deleted: C:\Users\BOB\AppData\Roaming\WinSAPSvc Deleted: C:\ProgramData\Microleaves Deleted: C:\ProgramData\Application Data\Microleaves Deleted: C:\Program Files (x86)\Microleaves Deleted: C:\Insist Deleted: C:\Users\BOB\Documents\PROPCCleaner Deleted: C:\Users\BOB\AppData\Roaming\PRO PC Cleaner Deleted: C:\Users\BOB\AppData\Local\PRO_PC_Cleaner Deleted: C:\Windows\SysNative\Tasks\Y2Go Deleted: C:\Users\BOB\AppData\Roaming\Interstatnogui Deleted: C:\Program Files (x86)\BikaQRss Deleted: C:\Users\BOB\AppData\Local\SNAREA Deleted: C:\ProgramData\Plusdax Deleted: C:\ProgramData\Application Data\Plusdax Deleted: C:\Program Files (x86)\Universal Driver Updater Deleted: C:\ProgramData\PCVARK Deleted: C:\ProgramData\Application Data\PCVARK Deleted: C:\\Users\Public\Documents\XMUpdate Deleted: C:\Program Files\acbfa4650af99dfd75de9e6b9233a85d Deleted: C:\Program Files\2d42beed8f38fb637224dbdd237fab25 Deleted: C:\Program Files (x86)\789363110d14746060626a5494772ff1 Deleted: C:\ProgramData\62d13578-0037-1 Deleted: C:\ProgramData\62d13578-0127-1 Deleted: C:\ProgramData\62d13578-0233-1 Deleted: C:\ProgramData\62d13578-0385-1 Deleted: C:\ProgramData\62d13578-0393-1 Deleted: C:\ProgramData\62d13578-05e5-1 Deleted: C:\ProgramData\62d13578-05e7-1 Deleted: C:\ProgramData\62d13578-0681-1 Deleted: C:\ProgramData\62d13578-0775-1 Deleted: C:\ProgramData\62d13578-0a37-1 Deleted: C:\ProgramData\62d13578-0ac7-1 Deleted: C:\ProgramData\62d13578-0af1-1 Deleted: C:\ProgramData\62d13578-0c03-0 Deleted: C:\ProgramData\62d13578-0dc7-1 Deleted: C:\ProgramData\62d13578-0f51-1 Deleted: C:\ProgramData\62d13578-0fc3-1 Deleted: C:\ProgramData\62d13578-1171-1 Deleted: C:\ProgramData\62d13578-1177-1 Deleted: C:\ProgramData\62d13578-11b7-1 Deleted: C:\ProgramData\62d13578-11e7-0 Deleted: C:\ProgramData\62d13578-11f3-1 Deleted: C:\ProgramData\62d13578-1317-0 Deleted: C:\ProgramData\62d13578-1361-1 Deleted: C:\ProgramData\62d13578-13d5-1 Deleted: C:\ProgramData\62d13578-1473-1 Deleted: C:\ProgramData\62d13578-14a7-1 Deleted: C:\ProgramData\62d13578-14c3-1 Deleted: C:\ProgramData\62d13578-1603-1 Deleted: C:\ProgramData\62d13578-1637-1 Deleted: C:\ProgramData\62d13578-1911-1 Deleted: C:\ProgramData\62d13578-1921-1 Deleted: C:\ProgramData\62d13578-1c91-1 Deleted: C:\ProgramData\62d13578-2017-1 Deleted: C:\ProgramData\62d13578-2047-1 Deleted: C:\ProgramData\62d13578-2065-1 Deleted: C:\ProgramData\62d13578-21b5-1 Deleted: C:\ProgramData\62d13578-2241-1 Deleted: C:\ProgramData\62d13578-2243-0 Deleted: C:\ProgramData\62d13578-2243-1 Deleted: C:\ProgramData\62d13578-2307-1 Deleted: C:\ProgramData\62d13578-2413-1 Deleted: C:\ProgramData\62d13578-2461-1 Deleted: C:\ProgramData\62d13578-2525-1 Deleted: C:\ProgramData\62d13578-2617-0 Deleted: C:\ProgramData\62d13578-27d7-0 Deleted: C:\ProgramData\62d13578-27e7-1 Deleted: C:\ProgramData\62d13578-27f5-1 Deleted: C:\ProgramData\62d13578-2825-0 Deleted: C:\ProgramData\62d13578-2843-1 Deleted: C:\ProgramData\62d13578-28b5-1 Deleted: C:\ProgramData\62d13578-2901-1 Deleted: C:\ProgramData\62d13578-2911-1 Deleted: C:\ProgramData\62d13578-2941-0 Deleted: C:\ProgramData\62d13578-2977-1 Deleted: C:\ProgramData\62d13578-2a35-1 Deleted: C:\ProgramData\62d13578-2ba3-1 Deleted: C:\ProgramData\62d13578-2be5-1 Deleted: C:\ProgramData\62d13578-2c95-1 Deleted: C:\ProgramData\62d13578-2e55-1 Deleted: C:\ProgramData\62d13578-2fa1-0 Deleted: C:\ProgramData\62d13578-30e1-1 Deleted: C:\ProgramData\62d13578-3297-1 Deleted: C:\ProgramData\62d13578-3367-1 Deleted: C:\ProgramData\62d13578-3411-1 Deleted: C:\ProgramData\62d13578-34b3-0 Deleted: C:\ProgramData\62d13578-34d1-1 Deleted: C:\ProgramData\62d13578-35d7-1 Deleted: C:\ProgramData\62d13578-3693-1 Deleted: C:\ProgramData\62d13578-36f1-1 Deleted: C:\ProgramData\62d13578-3705-1 Deleted: C:\ProgramData\62d13578-38e1-1 Deleted: C:\ProgramData\62d13578-3977-0 Deleted: C:\ProgramData\62d13578-3c75-1 Deleted: C:\ProgramData\62d13578-3c95-1 Deleted: C:\ProgramData\62d13578-3eb1-1 Deleted: C:\ProgramData\62d13578-3f75-1 Deleted: C:\ProgramData\62d13578-3fa5-1 Deleted: C:\ProgramData\62d13578-3fc5-1 Deleted: C:\ProgramData\62d13578-41c1-0 Deleted: C:\ProgramData\62d13578-4273-1 Deleted: C:\ProgramData\62d13578-42c3-1 Deleted: C:\ProgramData\62d13578-42d3-1 Deleted: C:\ProgramData\62d13578-4311-1 Deleted: C:\ProgramData\62d13578-4501-1 Deleted: C:\ProgramData\62d13578-4577-1 Deleted: C:\ProgramData\62d13578-45b5-0 Deleted: C:\ProgramData\62d13578-4717-0 Deleted: C:\ProgramData\62d13578-4891-1 Deleted: C:\ProgramData\62d13578-4943-1 Deleted: C:\ProgramData\62d13578-49e7-0 Deleted: C:\ProgramData\62d13578-4a53-1 Deleted: C:\ProgramData\62d13578-4a83-1 Deleted: C:\ProgramData\62d13578-4c03-0 Deleted: C:\ProgramData\62d13578-4da3-1 Deleted: C:\ProgramData\62d13578-4dd5-1 Deleted: C:\ProgramData\62d13578-4e51-1 Deleted: C:\ProgramData\62d13578-4f31-1 Deleted: C:\ProgramData\62d13578-5001-1 Deleted: C:\ProgramData\62d13578-5051-0 Deleted: C:\ProgramData\62d13578-5095-1 Deleted: C:\ProgramData\62d13578-50d3-1 Deleted: C:\ProgramData\62d13578-51f1-1 Deleted: C:\ProgramData\62d13578-5205-1 Deleted: C:\ProgramData\62d13578-5351-0 Deleted: C:\ProgramData\62d13578-53b1-1 Deleted: C:\ProgramData\62d13578-5471-1 Deleted: C:\ProgramData\62d13578-5485-1 Deleted: C:\ProgramData\62d13578-5673-1 Deleted: C:\ProgramData\62d13578-5693-1 Deleted: C:\ProgramData\62d13578-58d5-1 Deleted: C:\ProgramData\62d13578-5c91-1 Deleted: C:\ProgramData\62d13578-5cb7-1 Deleted: C:\ProgramData\62d13578-5d23-1 Deleted: C:\ProgramData\62d13578-5d27-1 Deleted: C:\ProgramData\62d13578-5d37-1 Deleted: C:\ProgramData\62d13578-5f95-1 Deleted: C:\ProgramData\62d13578-60b1-1 Deleted: C:\ProgramData\62d13578-6165-1 Deleted: C:\ProgramData\62d13578-61b7-0 Deleted: C:\ProgramData\62d13578-6211-0 Deleted: C:\ProgramData\62d13578-6241-1 Deleted: C:\ProgramData\62d13578-6263-1 Deleted: C:\ProgramData\62d13578-62a3-1 Deleted: C:\ProgramData\62d13578-62b7-1 Deleted: C:\ProgramData\62d13578-63e3-1 Deleted: C:\ProgramData\62d13578-63f5-0 Deleted: C:\ProgramData\62d13578-64d1-1 Deleted: C:\ProgramData\62d13578-6625-1 Deleted: C:\ProgramData\62d13578-67f1-1 Deleted: C:\ProgramData\62d13578-6865-0 Deleted: C:\ProgramData\62d13578-6893-0 Deleted: C:\ProgramData\62d13578-6921-1 Deleted: C:\ProgramData\62d13578-6947-1 Deleted: C:\ProgramData\62d13578-6a05-0 Deleted: C:\ProgramData\62d13578-6a27-1 Deleted: C:\ProgramData\62d13578-6a65-1 Deleted: C:\ProgramData\62d13578-6a71-1 Deleted: C:\ProgramData\62d13578-6ac5-0 Deleted: C:\ProgramData\62d13578-6c73-1 Deleted: C:\ProgramData\62d13578-6cc5-1 Deleted: C:\ProgramData\62d13578-6e47-0 Deleted: C:\ProgramData\62d13578-6e73-1 Deleted: C:\ProgramData\62d13578-6ed3-1 Deleted: C:\ProgramData\62d13578-6f07-1 Deleted: C:\ProgramData\62d13578-6f51-1 Deleted: C:\ProgramData\62d13578-71a1-1 Deleted: C:\ProgramData\62d13578-7255-1 Deleted: C:\ProgramData\62d13578-7311-1 Deleted: C:\ProgramData\62d13578-7355-1 Deleted: C:\ProgramData\62d13578-7565-1 Deleted: C:\ProgramData\62d13578-76f1-1 Deleted: C:\ProgramData\62d13578-7761-1 Deleted: C:\ProgramData\62d13578-7831-1 Deleted: C:\ProgramData\62d13578-7865-0 Deleted: C:\ProgramData\62d13578-7ad3-1 Deleted: C:\ProgramData\62d13578-7b23-1 Deleted: C:\ProgramData\62d13578-7c63-1 Deleted: C:\ProgramData\62d13578-7ce1-1 Deleted: C:\ProgramData\62d13578-7d21-1 Deleted: C:\ProgramData\62d13578-7d51-0 Deleted: C:\ProgramData\62d13578-7db5-1 Deleted: C:\ProgramData\62d13578-7fd1-1 Deleted: C:\ProgramData\62d13578-7fe5-1 Deleted: C:\ProgramData\a1bd8073-3ff7-1 Deleted: C:\ProgramData\a1bd8073-7607-0 Deleted: C:\ProgramData\bfa51af5 Deleted: C:\ProgramData\{027e25d8-012c-1} Deleted: C:\ProgramData\{189f6d86-112c-0} Deleted: C:\ProgramData\{1b274f6a-112c-0} Deleted: C:\ProgramData\{20d70a2d-012c-1} Deleted: C:\ProgramData\{26d87c85-412c-0} Deleted: C:\ProgramData\{2cab7e2a-512c-1} Deleted: C:\ProgramData\{2cfa6180-212c-0} Deleted: C:\ProgramData\{34405b56-012c-1} Deleted: C:\ProgramData\{34c3137f-512c-0} Deleted: C:\ProgramData\{3aa0385d-212c-1} Deleted: C:\ProgramData\{40980772-212c-0} Deleted: C:\ProgramData\{4bb86e3f-612c-0} Deleted: C:\ProgramData\{4cca2d19-512c-1} Deleted: C:\ProgramData\{57615a64-512c-0} Deleted: C:\ProgramData\{64ea00fd-312c-1} Deleted: C:\ProgramData\{66b13b47-212c-0} Deleted: C:\ProgramData\{72c06dc8-112c-1} Deleted: C:\ProgramData\{7dce680e-612c-0} ***** [ Files ] ***** Deleted: C:\Users\BOB\AppData\Roaming\\agent.dat Deleted: C:\Users\BOB\AppData\Roaming\Main.dat Deleted: C:\Users\BOB\AppData\Roaming\\InstallationConfiguration.xml Deleted: C:\Users\BOB\AppData\Roaming\\Installer.dat Deleted: C:\Users\BOB\AppData\Roaming\\noah.dat Deleted: C:\Users\BOB\AppData\Roaming\\Config.xml Deleted: C:\Users\BOB\AppData\Roaming\\md.xml Deleted: C:\Users\Public\Documents\\report.dat Deleted: C:\Users\Public\Documents\\temp.dat Deleted: C:\ProgramData\Software\Apple\Apps\\Notification.dll Deleted: C:\Windows\SysNative\wsusnative64.exe Deleted: C:\END Deleted: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys Deleted: C:\Windows\SysNative\drivers\iSafeNetFilter.sys Deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log Deleted: C:\appverifier.txt Deleted: C:\Users\BOB\AppData\Local\Temp\big_bang_empire.lnk Deleted: C:\Windows\SysNative\drivers\lanmamaster.sys Deleted: C:\Windows\SysNative\lanmamasterHelp.dll Deleted: C:\Windows\System32\TMhardware.dll Deleted: C:\Windows\SysWOW64\TMhardware.dll Deleted: C:\Windows\SysNative\drivers\TMhardware.sys Deleted: C:\Windows\SysNative\NetUtils2016.dll Deleted: C:\Windows\System32\NetUtils2016.exe Deleted: C:\Windows\SysWOW64\NetUtils2016.exe Deleted: C:\Windows\SysNative\drivers\NetUtils2016.sys Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk Deleted: C:\Users\BOB\AppData\Local\uninstallce.exe ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: Milimili Deleted: Windows-PG Deleted: Y2Go\Updater\Y2GoUpdater Deleted: Online Application V2G1 Deleted: Online Application V2G3 Deleted: Y2Go\Y2Go\Y2Go Deleted: Online Application V2G2 Deleted: Universal Deleted: System\SystemCheck Deleted: WinZip Malware Protector_startup Deleted: Start Registry Reviver Update Deleted: Start Registry Reviver Schedule Deleted: Microsoft\Windows\Media Center\VCore Deleted: Updater_Online_Application Deleted: Start Registry Reviver for SWAGCOMPUTER9@BOB(logon) Deleted: Start Registry Reviver( SR ) for SWAGCOMPUTER9@BOB at logon Deleted: Start Registry Reviver( SR ) for SWAGCOMPUTER9@BOB Deleted: acbfa4650af99dfd75de9e6b9233a85d Deleted: Start Registry Reviver for SWAGCOMPUTER9@BOB(logon) Deleted: Start Registry Reviver Schedule Deleted: Start Registry Reviver Update Deleted: Start Registry Reviver( SR ) for SWAGCOMPUTER9@BOB Deleted: Start Registry Reviver( SR ) for SWAGCOMPUTER9@BOB at logon ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Elex-tech Deleted: [Key] - HKLM\SOFTWARE\jhdbca Deleted: [Key] - HKU\.DEFAULT\Software\jhdbca Deleted: [Key] - HKU\S-1-5-18\Software\jhdbca Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\WinSnare Deleted: [Key] - HKCU\Software\WinSnare Deleted: [Key] - HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971} Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\deskapp Deleted: [Key] - HKCU\Software\deskapp Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|NPASRE Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARE Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CE7A480-D564-45FF-B4B3-1188EFD3622C} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{484E81DD-3F21-4D04-9A9B-94D8D61DFB1D}C:\users\bob\appdata\roaming\cacaoweb\cacaoweb.exe Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E2C7948E-D591-4DAB-9CD8-EFFB0601F6B3}C:\users\bob\appdata\roaming\cacaoweb\cacaoweb.exe Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{46E470C1-78C4-41B3-B67C-A6F8C5605E08}C:\users\bob\appdata\roaming\cacaoweb\cacaoweb.exe Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{35F58424-DADC-4AE2-8B50-96597A37FCAC}C:\users\bob\appdata\roaming\cacaoweb\cacaoweb.exe Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8EE79310-B14E-4011-B3BF-575925B81DCE} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0EFD97E3-229F-44F4-9887-F69B2172BB34} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2DD5F29E-425B-4C75-BADB-D1017825E499} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F266FA27-D576-4848-B4AA-2BDD90E52586} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{076B1C6B-150D-4A8F-AD5F-0C720984A93B} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B0625169-92DD-4C0B-9970-0019571E3EFB} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FB2562AA-86AA-46D2-94E0-7B66CD529D84} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F7133DA9-AC20-49D3-A6F5-21451C524C9E} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6D8B3EB3-AC43-4E60-BD4F-78663FD136B2}C:\users\bob\desktop\cacaoweb.exe Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{11A37612-116E-46BE-9EF4-D4B1DC080420}C:\users\bob\desktop\cacaoweb.exe Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\cacaoweb Deleted: [Key] - HKCU\Software\cacaoweb Deleted: [Key] - HKLM\SOFTWARE\registry Reviver Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\registry Reviver Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\GoldenGate Deleted: [Key] - HKCU\Software\GoldenGate Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion Deleted: [Key] - HKLM\SOFTWARE\youndooSoftware Deleted: [Key] - HKLM\SOFTWARE\trotuxSoftware Deleted: [Key] - HKLM\SOFTWARE\b`nl{y Deleted: [Key] - HKU\.DEFAULT\Software\b`nl{y Deleted: [Key] - HKU\S-1-5-18\Software\b`nl{y Deleted: [Key] - HKLM\SOFTWARE\ompndb Deleted: [Key] - HKU\.DEFAULT\Software\ompndb Deleted: [Key] - HKU\S-1-5-18\Software\ompndb Deleted: [Key] - HKLM\SOFTWARE\amule-custom Deleted: [Key] - HKLM\SOFTWARE\pcv-var Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\VideoBox Deleted: [Key] - HKCU\Software\VideoBox Deleted: [Key] - HKLM\SOFTWARE\InterSect Alliance Deleted: [Key] - HKLM\SOFTWARE\msServer Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D} Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\C84E Deleted: [Key] - HKCU\Software\C84E Deleted: [Key] - HKLM\SOFTWARE\Speedownloader0099 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsTM Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{118B6258-BF13-47C9-8D46-B2A349196B5D} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7CB7055-EFAE-4CD2-928A-15DB5F4FF7C7} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51639FCA-678F-4D71-8044-E16E3D49187F} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C652C0A-EC71-4797-8077-F67649177AB0} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F} Deleted: [Value] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\Microsoft\Windows\CurrentVersion\Run|cacaoweb Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cacaoweb Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNARER Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|Kitty Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WANARE Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SNAREA Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|BIT Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|3DM Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|VNASRE Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|CWASRE Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|CSHMDR Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|terana Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|glory Deleted: [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0187837F-FA61-437D-9647-EE1E86233276} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CBB7A1EB-D3C4-45A9-A5C9-EFB40A22BF7E} Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\WajIEnhance Deleted: [Key] - HKCU\Software\WajIEnhance Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 Deleted: [Key] - HKLM\SOFTWARE\BSD Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\BSD Deleted: [Key] - HKCU\Software\BSD Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\AppDataLow\Software\AppTrailers Deleted: [Key] - HKCU\Software\AppDataLow\Software\AppTrailers Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\win Deleted: [Key] - HKCU\Software\win Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\One System Care Deleted: [Key] - HKCU\Software\One System Care Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SOFTWARE\BSD Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\BSD Deleted: [Key] - HKCU\Software\BSD Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\System Healer Deleted: [Key] - HKCU\Software\System Healer Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\SwytShop Deleted: [Key] - HKCU\Software\SwytShop Deleted: [Key] - HKLM\SOFTWARE\ourluckysitesSoftware Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1 Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\MICROSOFT\wewewe Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe Deleted: [Key] - HKLM\SOFTWARE\ScreenShot Deleted: [Key] - HKLM\SOFTWARE\Socia2Se Browser Enhancer Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SOFTWARE\Microleaves Deleted: [Key] - HKLM\SOFTWARE\AppApcVerifier Deleted: [Key] - HKLM\SOFTWARE\OtherSearch Deleted: [Key] - HKLM\SOFTWARE\startpageing123Software Deleted: [Key] - HKLM\SOFTWARE\ourluckysitesSoftware Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\PROPCCleanerLanguage Deleted: [Key] - HKCU\Software\PROPCCleanerLanguage Deleted: [Key] - HKLM\SOFTWARE\PRO PC Cleaner Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FB2562AA-86AA-46D2-94E0-7B66CD529D84} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F7133DA9-AC20-49D3-A6F5-21451C524C9E} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Y2Go Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\Y2Go Deleted: [Key] - HKCU\Software\Y2Go Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\Interstatnogui Deleted: [Key] - HKCU\Software\Interstatnogui Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WINSNARE Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 Deleted: [Key] - HKLM\SOFTWARE\HDWallpaper Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\Genius Deleted: [Key] - HKCU\Software\Genius Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKLM\SOFTWARE\Soci2Sear Browser Enhancer Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\csastats Deleted: [Key] - HKCU\Software\csastats Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\PRODUCTSETUP Deleted: [Key] - HKCU\Software\PRODUCTSETUP Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\SpeeDownloader Deleted: [Key] - HKCU\Software\SpeeDownloader Deleted: [Key] - HKLM\SOFTWARE\mtPlusdax Deleted: [Key] - HKLM\SOFTWARE\PCVARK Deleted: [Key] - HKU\S-1-5-21-4197031219-1917498957-2016370213-1000\Software\PCVARK Deleted: [Key] - HKCU\Software\PCVARK Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\ Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\ Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\ ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** Plugin deleted: MSN Homepage & Bing Search Engine - Plugin deleted: Search Manager - ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [36685 B] - [2017/12/29 8:55:4] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########