# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-17.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-18-2018
# Duration: 00:01:25
# OS: Windows 10 Enterprise
# Cleaned: 127
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\ASUS\AppData\Local\snare
Deleted C:\Users\ASUS\AppData\Local\CSHMDR
Deleted C:\Users\ASUS\AppData\Local\3DM
Deleted C:\Users\ASUS\AppData\Local\CWASRE
Deleted C:\Users\ASUS\AppData\Local\SNAREA
Deleted C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
Deleted C:\Program Files (x86)\amulell
Deleted C:\Users\ASUS\AppData\Local\SNARER
Deleted C:\Users\ASUS\AppData\Roaming\SNARER
Deleted C:\Users\ASUS\AppData\Roaming\WinSnare
Deleted C:\Program Files\f09er35s
Deleted C:\Program Files (x86)\WinArcher
Deleted C:\Program Files (x86)\Terela
Deleted C:\Program Files (x86)\Default Company Name
Deleted C:\Users\ASUS\AppData\Roaming\Kyubey
Deleted C:\ProgramData\FileFinder
Deleted C:\Program Files (x86)\FileFinder
Deleted C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\FileFinder
Deleted C:\Program Files (x86)\Bookness
Deleted C:\Users\ASUS\AppData\Local\Bookness
Deleted C:\Program Files (x86)\WINSNARE(4.4.6)
Deleted C:\Program Files (x86)\WINSNARE(4.1.1)
Deleted C:\Program Files (x86)\WINSNARE(4.1.0)
Deleted C:\Program Files (x86)\WINSNARE(4.0.9)
Deleted C:\Program Files (x86)\WINSNARE(4.0.8)
Deleted C:\Program Files (x86)\BikaQRss
Deleted C:\Program Files (x86)\BikaQRssReader
Deleted C:\Users\ASUS\AppData\Roaming\DRPSu
Deleted C:\ProgramData\WinSAPSvc
Deleted C:\Users\ASUS\AppData\Roaming\WinSAPSvc
Deleted C:\ProgramData\FFinder LTD
Deleted C:\Program Files (x86)\AlphaGo
Deleted C:\Program Files (x86)\deskapp
Deleted C:\Program Files (x86)\amuleCexx
Deleted C:\Program Files (x86)\Gub
Deleted C:\Program Files (x86)\Gubed
Deleted C:\Users\ASUS\AppData\Roaming\aMule
Deleted C:\Program Files (x86)\reports
Deleted C:\Users\ASUS\AppData\Roaming\Firefox
Deleted C:\ProgramData\wintools

***** [ Files ] *****

Deleted C:\Users\ASUS\Desktop\FileFinder.lnk
Deleted C:\Program Files (x86)\settings.dat
Deleted C:\Users\Public\Documents\cfg.ini
Deleted C:\Users\Public\Documents\cc.ini
Deleted C:\Users\Public\Documents\temp.dat
Deleted C:\Users\Public\Documents\report.dat

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Windows-PG
Deleted C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
Deleted C:\Windows\System32\Tasks\WinTOOL

***** [ Registry ] *****

Deleted HKCU\Software\deskapp
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13D7C2E9-08E7-4889-94FF-87E707184E53}
Deleted HKLM\Software\Wow6432Node\{84416237-6490-494D-9AD6-4994DD978971}
Deleted HKCU\Software\WinSnare
Deleted HKLM\Software\Wow6432Node\WinArcher
Deleted HKU\S-1-5-18\Software\jhdbca
Deleted HKU\.DEFAULT\Software\jhdbca
Deleted HKLM\Software\Wow6432Node\jhdbca
Deleted HKLM\Software\jhdbca
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA2B96BF-4FAA-4F3C-B337-82F0AB9040E7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA2B96BF-4FAA-4F3C-B337-82F0AB9040E7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-PG
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\snare
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CSHMDR
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CWASRE
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SNAREA
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SNARER
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WinSnare
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileFinder
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A90E9850-8EC2-4143-A709-71213BFE729B}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B78D244D-9140-4116-980D-843D91167B5D}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{09F412AD-B2B2-4BBE-9E29-50EB5D369168}
Deleted HKCU\SOFTWARE\0260FC955F0104BF5C8DE44FE934A295
Deleted HKLM\Software\Wow6432Node\0260FC955F0104BF5C8DE44FE934A295
Deleted HKLM\SOFTWARE\0260FC955F0104BF5C8DE44FE934A295
Deleted HKLM\Software\Wow6432Node\amisitesSoftware
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{73493EDD-E1C7-4AAB-8B94-89673B434C62}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73493EDD-E1C7-4AAB-8B94-89673B434C62}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BikaQ_FetchAndUpgrade_CanBeDel
Deleted HKCU\Software\drpsu
Deleted HKLM\Software\Wow6432Node\drpsu
Deleted HKLM\Software\Wow6432Node\FFinder LTD
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1AF73C7-0C82-4D66-829E-16B29FBBF384}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C652C0A-EC71-4797-8077-F67649177AB0}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{51639FCA-678F-4D71-8044-E16E3D49187F}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{118B6258-BF13-47C9-8D46-B2A349196B5D}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56B2B28A-E663-4D28-84A3-3846068A7D63}
Deleted HKLM\Software\InterSect Alliance
Deleted HKLM\Software\Wow6432Node\amule-custom
Deleted HKCU\Software\ICSW1.23
Deleted HKLM\Software\Wow6432Node\trotuxSoftware
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{007B805B-64FF-4A13-9A34-F24C5FBA5CCE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{007B805B-64FF-4A13-9A34-F24C5FBA5CCE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\Manager
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amisites.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\amisites.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.amisites.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\amisites.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\Software\Wow6432Node\ScreenShot
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2906ABE2-B9AA-4C44-970D-E8D46EF40FF7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2906ABE2-B9AA-4C44-970D-E8D46EF40FF7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinTOOL

***** [ Chromium (and derivatives) ] *****

Deleted Fast search
Deleted Fast search
Deleted Fast search

***** [ Chromium URLs ] *****

Deleted mystarting123
Deleted http://www.amisites.com/?type=hp&ts=1486116690&z=2b6ca1d2f842fed5ebce2d7g0zdb3qbg5g8qbq3beb&from=che0812&uid=TOSHIBAXMQ01ABD100_6648P2P7TXX6648P2P7T
Deleted http://www.amisites.com/?type=hp&ts=1486116690&z=2b6ca1d2f842fed5ebce2d7g0zdb3qbg5g8qbq3beb&from=che0812&uid=TOSHIBAXMQ01ABD100_6648P2P7TXX6648P2P7T
Deleted amisites
Deleted Ask
Deleted http://www.ourluckysites.com/?type=hp&ts=1492424243&z=e9a158aca1217439b90f4e4g8zat0oczaobz3o5z5c&from=che0812&uid=TOSHIBAXMQ01ABD100_6648P2P7TXX6648P2P7T
Deleted http://www.ourluckysites.com/?type=hp&ts=1492424243&z=e9a158aca1217439b90f4e4g8zat0oczaobz3o5z5c&from=che0812&uid=TOSHIBAXMQ01ABD100_6648P2P7TXX6648P2P7T
Deleted mystarting123

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [13156 octets] - [18/12/2018 16:20:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########