# ------------------------------- # Malwarebytes AdwCleaner 7.2.7.0 # ------------------------------- # Build: 01-30-2019 # Database: 2019-01-31.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 02-03-2019 # Duration: 00:00:05 # OS: Windows 10 Home # Cleaned: 39 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\ByteFence Deleted C:\ProgramData\Mail.Ru Deleted C:\Program Files (x86)\Mail.Ru Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru Deleted C:\Users\tilla\AppData\Local\Mail.Ru Deleted C:\Users\tilla\AppData\Roaming\MaxiBuy Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxi Buy Deleted C:\Program Files (x86)\Maxi Buy ***** [ Files ] ***** Deleted C:\Users\tilla\Favorites\?????? ? ?????????.url Deleted C:\Users\tilla\Favorites\Mail.Ru.url ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\MaxiBuy Deleted C:\Windows\System32\Tasks\MaxiBuy2 ***** [ Registry ] ***** Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8 Deleted HKU\S-1-5-18\Software\ByteFence Deleted HKU\.DEFAULT\Software\ByteFence Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe Deleted HKCU\Software\csastats Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099} Deleted HKCU\Software\AppDataLow\Software\Mail.Ru Deleted HKCU\Software\Mail.Ru Deleted HKLM\Software\Wow6432Node\Mail.Ru Deleted HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page Deleted HKLM\Software\Wow6432Node\SHMADDON Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MaxiBuy Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MaxiBuy Deleted HKCU\Software\MaxiBuy Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{716D2234-E822-4AB0-874A-1DD7F75047DB}_is1 Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3370CDD6-F48E-4696-8B5C-9C8D84BBD493} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxiBuy Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE11E89F-5277-4991-83D4-B660AB70B728} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE11E89F-5277-4991-83D4-B660AB70B728} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MaxiBuy2 ***** [ Chromium (and derivatives) ] ***** Deleted ????? Deleted Maxi Buy ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1242 octets] - [13/05/2018 22:47:19] AdwCleaner[C00].txt - [1367 octets] - [13/05/2018 22:47:52] AdwCleaner[S01].txt - [4792 octets] - [03/02/2019 19:00:33] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########