# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-12-2018
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 171
# Failed: 0

***** [ Services ] *****

Deleted saiyitechnology
Deleted WNetworkMgmt
Deleted MicroService

***** [ Folders ] *****

Deleted C:\Users\Mariusz\AppData\Local\XService
Deleted C:\ProgramData\Quoteexs
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Users\Mariusz\AppData\Local\cypjMERAky
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\Mariusz\AppData\Roaming\Microleaves
Deleted C:\Users\Mariusz\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\ProgramData\ByteFence
Deleted C:\Program Files (x86)\FastDataX
Deleted C:\Users\Mariusz\AppData\Roaming\FastDataX
Deleted C:\ProgramData\IObit\ASCDownloader
Deleted C:\Users\Mariusz\AppData\Local\AdvinstAnalytics
Deleted C:\ProgramData\yahoochrome_D
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Mariusz\AppData\Local\avg web tuneup
Deleted C:\Users\Mariusz\AppData\LocalLow\avg web tuneup
Deleted C:\Users\Mariusz\AppData\Roaming\GoldenGate
Deleted C:\ProgramData\Quoteex
Deleted C:\Users\Mariusz\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Users\Mariusz\AppData\Local\slimware utilities inc
Deleted C:\Windows\Temp\Smartbar
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
Deleted C:\Program Files (x86)\WinThruster
Deleted C:\Users\Mariusz\AppData\Roaming\Solvusoft
Deleted C:\Users\Mariusz\AppData\Roaming\SystemHealer
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
Deleted C:\Users\Mariusz\AppData\Roaming\System Healer
Deleted C:\ProgramData\Microsoft\Windows\WNetworkMgmt
Deleted C:\Users\Mariusz\AppData\Roaming\WidModule

***** [ Files ] *****

Deleted C:\Users\Mariusz\appdata\local\installationconfiguration.xml
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\Users\Mariusz\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\System32\roboot64.exe
Deleted C:\Users\Public\Desktop\WinThruster.lnk
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\XLqsfoKFUKuTqG
Deleted C:\Windows\System32\Tasks\rArHIXNWKfbeRtR2
Deleted C:\Windows\System32\Tasks\KnPQHVchzdGfrlHaz2
Deleted C:\Windows\System32\Tasks\TdqeVjasHzsikvrWtEm2
Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\System32\Tasks\{DB743FC9-7CA7-42E8-9D6D-5908C374DE01}
Deleted C:\Windows\System32\Tasks\ErrorFixKIT
Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\System32\Tasks\SVC Update
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application
Deleted C:\Windows\System32\Tasks\System Healer Monitor

***** [ Registry ] *****

Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\Software\Wow6432Node\mtQuoteex
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "_C:\PROGRA~3\Quoteex\Kontam.dll"
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\Dripdom.dll"
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{386F005E-F323-4EAC-96ED-2827BB8D382C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{386F005E-F323-4EAC-96ED-2827BB8D382C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XLqsfoKFUKuTqG
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5DEFE5-494E-4D95-AD1A-E5274B386F6F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rArHIXNWKfbeRtR2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EDC0C1E-B092-4415-B567-13F6F6AC87B8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KnPQHVchzdGfrlHaz2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F26E76A-E880-44A7-ABA2-3FB458EC1BB9}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TdqeVjasHzsikvrWtEm2
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29424267-9C18-439C-90B1-AD5D6B6BDBCE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29424267-9C18-439C-90B1-AD5D6B6BDBCE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2995EAA-6389-4B27-B736-F1842F5E288E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2995EAA-6389-4B27-B736-F1842F5E288E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFDD9527-77C5-4236-BA35-38512A5C18EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFDD9527-77C5-4236-BA35-38512A5C18EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKLM\Software\RunBooster
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB743FC9-7CA7-42E8-9D6D-5908C374DE01}
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2384729773-2530975304-3792660739-1002\Software\FindRight
Deleted HKU\S-1-5-18\Software\ByteFence
Deleted HKU\.DEFAULT\Software\ByteFence
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pl.bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted HKCU\Software\Reg\Clean
Deleted HKLM\Software\Wow6432Node\Reg\Clean
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DE798C0-0800-4208-92D6-3CA29E604AB3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ErrorFixKIT
Deleted HKCU\Software\FastDataX
Deleted HKCU\Software\csastats
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Slick Savings
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SearchSettings
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|pricefountainw.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Browser Extensions
Deleted HKCU\Software\AVG Tuneup
Deleted HKLM\Software\Wow6432Node\AVG Tuneup
Deleted HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
Deleted HKCU\Software\dobreprogramy
Deleted HKCU\Software\GoldenGate
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
Deleted HKLM\Software\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB4655B7-EA52-4CBD-975E-5FEB81C82A61}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{278A92E4-CA5C-4977-A2CB-2E279F0EAEE4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{278A92E4-CA5C-4977-A2CB-2E279F0EAEE4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11819A47-C8B7-428C-B715-0A500BE64895}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11819A47-C8B7-428C-B715-0A500BE64895}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07BF28C5-36AD-402F-822D-DC5C68DD4268}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07BF28C5-36AD-402F-822D-DC5C68DD4268}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5E50027-E825-4D43-92C9-50C10EA2BEF1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5E50027-E825-4D43-92C9-50C10EA2BEF1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SVC Update
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A99657D-87C5-488F-AE4E-110CCFAD0119}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A99657D-87C5-488F-AE4E-110CCFAD0119}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Environment|SNP
Deleted HKCU\Environment|SNF
Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sumo-paint.softonic.pl
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.pl
Deleted HKCU\Software\Solvusoft
Deleted HKLM\Software\Wow6432Node\Solvusoft
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Deleted HKCU\Software\System Healer
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE0D2B29-C9BF-42D8-BEE2-1FA32341ACBB}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Monitor
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WindowsProtectManger
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster_is1
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
Deleted HKLM\Software\Classes\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
Deleted HKCU\Software\WidModule

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [18385 octets] - [12/06/2018 22:42:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########