# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 10 10:17:48 2017 # Updated on 2017/29/11 by Malwarebytes # Running on Windows 7 Professional (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Windows\System32\\SSL Deleted: C:\Windows\SysWOW64\\SSL Deleted: C:\Users\C-3PO\AppData\Roaming\Event Monitor Deleted: C:\Program Files\Common Files\Noobzo Deleted: C:\Users\C-3PO\AppData\Local\AdvinstAnalytics Deleted: C:\ProgramData\Logic Cramble Deleted: C:\ProgramData\Application Data\Logic Cramble Deleted: C:\Users\All Users\Logic Cramble Deleted: C:\Users\C-3PO\AppData\Local\AppTrailers Deleted: C:\Users\C-3PO\AppData\Roaming\gplyra Deleted: C:\Users\C-3PO\AppData\Local\AdService Deleted: C:\ProgramData\SearchModule Deleted: C:\ProgramData\Application Data\SearchModule Deleted: C:\Users\All Users\SearchModule Deleted: C:\Program Files (x86)\ProxyGate Deleted: C:\ProgramData\Quoteex Deleted: C:\ProgramData\Application Data\Quoteex Deleted: C:\Users\All Users\Quoteex Deleted: C:\ProgramData\Microleaves Deleted: C:\ProgramData\Application Data\Microleaves Deleted: C:\Users\All Users\Microleaves Deleted: C:\Users\C-3PO\AppData\Roaming\Microleaves Deleted: C:\Windows\\rss Deleted: C:\Program Files (x86)\thzXuJvjU Deleted: C:\Program Files (x86)\QYERbvxRHIE Deleted: C:\Program Files (x86)\GXZiGyYLSHyU2 Deleted: C:\Program Files (x86)\dCHHaxjOpqUn Deleted: C:\Program Files (x86)\SoftUpgrade Deleted: C:\Users\C-3PO\AppData\Roaming\Interstatnogui Deleted: C:\ProgramData\Quoteexs Deleted: C:\ProgramData\Application Data\Quoteexs Deleted: C:\Users\All Users\Quoteexs Deleted: C:\ProgramData\Quoteex Deleted: C:\ProgramData\Application Data\Quoteex Deleted: C:\Users\All Users\Quoteex Deleted: C:\Program Files (x86)\pccleanplus Deleted: C:\Program Files (x86)\bnsplayer Deleted: C:\Users\C-3PO\AppData\Roaming\NETCTL Deleted: C:\Users\C-3PO\AppData\Roaming\EpicNet Inc Deleted: C:\Users\C-3PO\AppData\Roaming\EpicNet Inc. Deleted: C:\Program Files\8c023e14d62cc32fcaee500b3f1fb4dd Deleted: C:\Program Files\02680e8d0cce57b8df28f1837c040670 Deleted: C:\Program Files\1c18ce34ae7044639b6f5760fa2e9576 Deleted: C:\Program Files\cdcce8892ce1e0817ee80313066dd4e8 Deleted: C:\ProgramData\65157148-1c93-1 Deleted: C:\ProgramData\65157148-2ae1-1 Deleted: C:\ProgramData\65157148-6247-0 Deleted: C:\ProgramData\db0cab8c-19c5-1 Deleted: C:\ProgramData\db0cab8c-3067-0 Deleted: C:\ProgramData\db0cab8c-3dd7-1 ***** [ Files ] ***** Deleted: C:\Users\C-3PO\AppData\Local\Main.dat Deleted: C:\END Deleted: C:\Windows\SysNative\drivers\Lace_wpf_x64.sys Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml Deleted: C:\Users\C-3PO\appdata\local\installationconfiguration.xml Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\PO.DB Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PO.DB Deleted: C:\Users\C-3PO\AppData\Local\PO.DB Deleted: C:\Users\C-3PO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk Deleted: C:\Windows\System32\findit.xml Deleted: C:\Windows\SysWOW64\findit.xml Deleted: C:\Users\C-3PO\AppData\Local\uninstallce.exe ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: FastDataX Task Deleted: SystemHealer Run Delay Deleted: PC Clean Plus ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pccleanplus.com Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\plarium.com Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.pccleanplus.com Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d22j4fzzszoii2.cloudfront.net Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\CoinisRevShare Deleted: [Key] - HKCU\Software\CoinisRevShare Deleted: [Key] - HKLM\SOFTWARE\PC Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\PC Deleted: [Key] - HKCU\Software\PC Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} Deleted: [Key] - HKLM\SOFTWARE\Event Monitor Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Event Monitor Deleted: [Key] - HKCU\Software\Event Monitor Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} Deleted: [Key] - HKLM\SOFTWARE\Speedownloader0099 Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Speedownloader0099 Deleted: [Key] - HKCU\Software\Speedownloader0099 Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\NetCtl Deleted: [Key] - HKCU\Software\NetCtl Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} Deleted: [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe Deleted: [Key] - HKU\.DEFAULT\Software\WajIEnhance Deleted: [Key] - HKU\S-1-5-18\Software\WajIEnhance Deleted: [Key] - HKLM\SOFTWARE\SrcAAAesom Browser Enhancer Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\AppDataLow\Software\AppTrailers Deleted: [Key] - HKCU\Software\AppDataLow\Software\AppTrailers Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\fr.bytefence.com Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\msaver Deleted: [Key] - HKCU\Software\msaver Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\FastDataX Deleted: [Key] - HKCU\Software\FastDataX Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\System Healer Deleted: [Key] - HKCU\Software\System Healer Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Hotspot Deleted: [Key] - HKCU\Software\Hotspot Deleted: [Key] - HKLM\SOFTWARE\SearchModule Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Amigo Deleted: [Key] - HKCU\Software\Amigo Deleted: [Key] - HKLM\SOFTWARE\mtQuoteex Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\mtQuoteex Deleted: [Key] - HKCU\Software\mtQuoteex Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe Deleted: [Key] - HKLM\SOFTWARE\OtherSearch Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Interstatnogui Deleted: [Key] - HKCU\Software\Interstatnogui Deleted: [Key] - HKLM\SOFTWARE\Jawego Deleted: [Key] - HKLM\SOFTWARE\mtQuoteex Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\mtQuoteex Deleted: [Key] - HKCU\Software\mtQuoteex Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\119 Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\119 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\PrAmNP Deleted: [Key] - HKCU\Software\Microsoft\PrAmNP Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrIncub Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\csastats Deleted: [Key] - HKCU\Software\csastats Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\PRODUCTSETUP Deleted: [Key] - HKCU\Software\PRODUCTSETUP Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\EpicNet Inc. Deleted: [Key] - HKCU\Software\EpicNet Inc. Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Etsy Deleted: [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\Etsy Deleted: [Key] - HKCU\Software\Microsoft\Etsy ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [14626 B] - [2017/12/9 18:30:6] C:/AdwCleaner/AdwCleaner[S1].txt - [13488 B] - [2017/12/10 10:15:29] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########