# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-24-2018
# Duration: 00:00:23
# OS: Windows 10 Home
# Cleaned: 171
# Failed: 0

***** [ Services ] *****

Deleted 26c01a4a83ca01afa9a3a81d3f0e10bb
Deleted pgt_svc

***** [ Folders ] *****

Deleted C:\Users\ASUS\AppData\Local\SearchProtect
Deleted C:\ProgramData\Voyasollams
Deleted C:\Program Files\B6E2FCC0D45E1919A8FB939CD87C58DA
Deleted C:\Users\ASUS\AppData\Roaming\gplyra
Deleted C:\Program Files (x86)\FastDataX
Deleted C:\Users\ASUS\AppData\Roaming\FastDataX
Deleted C:\Users\ASUS\AppData\Roaming\Fifth
Deleted C:\ProgramData\yahoochrome_D
Deleted C:\Users\ASUS\AppData\Roaming\1H1Q
Deleted C:\Program Files (x86)\77zip
Deleted C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\77zip
Deleted C:\Windows\Syswow64\SSL
Deleted C:\Program Files (x86)\RelevantKnowledge
Deleted C:\Users\ASUS\AppData\Roaming\OfferMosquito
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
Deleted C:\Users\ASUS\AppData\Roaming\One System Care
Deleted C:\Program Files (x86)\OneSystemCare
Deleted C:\Users\ASUS\AppData\Roaming\OneSystemCare
Deleted C:\Program Files (x86)\ProxyGate
Deleted C:\Users\ASUS\AppData\Local\simple_new_tab
Deleted C:\Program Files\Enigma Software Group
Deleted C:\Program Files (x86)\SystemHealer
Deleted C:\Users\ASUS\AppData\Roaming\SystemHealer
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
Deleted C:\Users\ASUS\AppData\Roaming\System Healer
Deleted C:\ProgramData\apn
Deleted C:\Users\ASUS\AppData\Roaming\WidModule

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\26C01A4A83CA01AFA9A3A81D3F0E10BB.SYS
Deleted C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\1n3bhbfq.default\searchplugins\findit.xml
Deleted C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\1n3bhbfq.default\searchplugins\yahoo_ff.xml
Deleted C:\Users\ASUS\appdata\local\installationconfiguration.xml
Deleted C:\END
Deleted C:\Users\ASUS\AppData\Local\Main.dat

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Fifth
Deleted C:\Windows\System32\Tasks\OMESupervisor

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKCU\Software\mtVoyasollam
Deleted HKLM\Software\Wow6432Node\mtVoyasollam
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6e2fcc0d45e1919a8fb939cd87c58da
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4218804898-3349578849-4166337365-1001\Software\Mega Browse
Deleted HKCU\Software\Mega Browse
Deleted HKLM\Software\Wow6432Node\Mega Browse
Deleted HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|BrowserWeb.exe
Deleted HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|BrowserWeb.exe
Deleted HKCU\Software\AppDataLow\Software\DynConIE
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fifth
Deleted HKCU\Software\csastats
Deleted HKCU\Software\TeleCharger
Deleted HKCU\Software\Snoozer
Deleted HKCU\Software\AppDataLow\Software\adawarebp
Deleted HKCU\Software\Video Player
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe
Deleted HKU\S-1-5-18\Environment|SNP
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost64.exe
Deleted HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu
Deleted HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
Deleted HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
Deleted HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
Deleted HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
Deleted HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
Deleted HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
Deleted HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
Deleted HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
Deleted HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
Deleted HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
Deleted HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
Deleted HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
Deleted HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
Deleted HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}
Deleted HKCU\Software\Classes\TypeLib\{B83C16AE-3C3D-5362-85D6-D19F9FB51262}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273}
Deleted HKLM\Software\Classes\CLSID\{F03955F1-309E-34E9-A021-1399C3532273}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000F}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000E}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000D}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000B}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D0000A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00009}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00008}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00007}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00006}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00005}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004}
Deleted HKLM\Software\Classes\CLSID\{EBC25CF6-9120-4283-B972-0E5520D00004}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5}
Deleted HKLM\Software\Classes\CLSID\{BEEA930F-CD8A-341E-B6B5-5BAF659685D5}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255}
Deleted HKLM\Software\Classes\CLSID\{4529EB14-6B38-3CC4-9504-6EAB6C9E1255}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610}
Deleted HKLM\Software\Classes\CLSID\{3070CF0C-F396-3DCA-87D6-9DBF3D77B610}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}
Deleted HKLM\Software\Classes\CLSID\{2097A1B6-E86A-4072-A32D-2249A3ECBC5A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Deleted HKLM\Software\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.fbdownloader.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fbdownloader.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
Deleted HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\MPCBContextMenu
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4218804898-3349578849-4166337365-1001\Software\mysearchdial
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mysearchdial
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\E3605470-291B-44EB-8648-745EE356599A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OMESupervisor
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare_is1
Deleted HKCU\Software\One System Care
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Deleted HKU\.DEFAULT\Environment|SNP
Deleted HKCU\Software\SimpleNewTab
Deleted HKCU\Software\Softonic
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.fr
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.fr
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rapidos.softonic.fr
Deleted HKCU\Software\AppDataLow\Software\Slick Savings
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}
Deleted HKLM\Software\EnigmaSoftwareGroup
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
Deleted HKCU\Software\System Healer
Deleted HKLM\Software\Wow6432Node\SrcAAAesom Browser Enhancer
Deleted HKLM\Software\SrcAAAesom Browser Enhancer
Deleted HKCU\Software\WajIEnhance
Deleted HKLM\Software\Wow6432Node\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted HKLM\Software\texttotalk

***** [ Chromium (and derivatives) ] *****

Deleted Quick Searcher

***** [ Chromium URLs ] *****

Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkGStHC4wmTIB36aAZL9J-XPJaHKaFaunp5ZifwvEKVkaiP-FSOanIALMUVNct6ml4ceDu-J9HB3LFdzsAmlvGoyMJ81iIqttxduFDETWiMmx7uYWoHiyKPG113YMb4pppVJtZ_z-PEUm8-89_DE-B1cg_EIm5ZHA3lVCoJLCQ,,
Deleted WebSearch

***** [ Firefox (and derivatives) ] *****

Deleted Simple New Tab
Deleted Slick Savings
Deleted Start Page
Deleted MySearchDial

***** [ Firefox URLs ] *****

Deleted C:\ProgramData\Voyasollams\ff.HP

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########