# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-18-2021
# Duration: 00:00:57
# OS: Windows 8.1
# Cleaned: 155
# Failed: 9

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\AlphaGo
Deleted C:\Program Files (x86)\deskapp
Deleted C:\Program Files (x86)\reports
Deleted C:\ProgramData\wintools
Deleted C:\Users\Byaku\AppData\Local\69FD9AD0-1428973723-81EB-3FFF-2025641ED10C
Deleted C:\Users\Byaku\AppData\Local\69FD9AD0-1481973717-81EB-3FFF-2025641ED10C
Deleted C:\Users\Byaku\AppData\Roaming\LDSGameCenter
Deleted C:\Users\Byaku\AppData\Roaming\Softlink
Deleted C:\Users\Byaku\AppData\Roaming\navplugin
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule

***** [ Files ] *****

Deleted C:\Program Files (x86)\settings.dat
Deleted C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Deleted C:\TOSTACK
Deleted C:\Users\Byaku\AppData\Roaming\Config.xml
Deleted C:\Users\Byaku\AppData\Roaming\Installer.dat
Deleted C:\Users\Byaku\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BigFarm.lnk
Deleted C:\Users\Byaku\AppData\Roaming\agent.dat
Deleted C:\Users\Public\Documents\report.dat
Deleted C:\Users\Public\Documents\temp.dat
Deleted C:\Windows\System32\log\iSafeKrnlCall.log
Deleted C:\Windows\Syswow64\kz.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

***** [ Chromium (and derivatives) ] *****

Deleted Search People - papbadoldddalgcjcicnikcfenodpghp
Deleted bokijhalndhhhikpnaniimagniglonke
Deleted dceidjjhomnclmfgflmjaomohekdgdgb
Deleted fijhlnmmmgflacagjecncpmpnhjieggk

***** [ Chromium URLs ] *****

Deleted V9
Deleted luckysearches
Not Deleted Google
Not Deleted V9
Not Deleted V9
Not Deleted V9
Not Deleted istartsurf
Not Deleted luckysearches
Not Deleted nice
Not Deleted nice
Not Deleted nice

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [19036 octets] - [18/01/2021 16:35:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########