# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-13-2018
# Duration: 00:00:17
# OS: Windows 10 Pro
# Cleaned: 169
# Failed: 6

***** [ Services ] *****

Deleted NativeDesktopMediaService
Deleted mweshieldup
Deleted mweshield

***** [ Folders ] *****

Not Deleted C:\Users\Gert Jan \AppData\Roaming\notepad3k
Deleted C:\Users\Gert Jan \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notepad3k
Deleted C:\ProgramData\{6EDC6FC7-212C-1}
Deleted C:\ProgramData\{4F930FD6-412C-1}
Deleted C:\ProgramData\{3E36720B-712C-1}
Deleted C:\ProgramData\{3BFE1EE3-712C-1}
Deleted C:\ProgramData\{25B20D3C-712C-0}
Deleted C:\ProgramData\{1F7B43A0-612C-0}
Deleted C:\ProgramData\{1EF357A1-612C-0}
Deleted C:\ProgramData\{1BA95240-212C-0}
Deleted C:\ProgramData\68BC8E78
Deleted C:\ProgramData\3CF86374-7D71-1
Deleted C:\ProgramData\3CF86374-7BA7-0
Deleted C:\ProgramData\3CF86374-7B41-0
Deleted C:\ProgramData\3CF86374-79F3-0
Deleted C:\ProgramData\3CF86374-7941-1
Deleted C:\ProgramData\3CF86374-74E5-1
Deleted C:\ProgramData\3CF86374-6E21-0
Deleted C:\ProgramData\3CF86374-6E05-0
Deleted C:\ProgramData\3CF86374-6C77-0
Deleted C:\ProgramData\3CF86374-6A57-0
Deleted C:\ProgramData\3CF86374-6407-0
Deleted C:\ProgramData\3CF86374-6271-1
Deleted C:\ProgramData\3CF86374-6017-1
Deleted C:\ProgramData\3CF86374-5ED7-0
Deleted C:\ProgramData\3CF86374-5E53-0
Deleted C:\ProgramData\3CF86374-59E7-0
Deleted C:\ProgramData\3CF86374-55A7-1
Deleted C:\ProgramData\3CF86374-5411-1
Deleted C:\ProgramData\3CF86374-51E1-0
Deleted C:\ProgramData\3CF86374-4E55-1
Deleted C:\ProgramData\3CF86374-4D01-0
Deleted C:\ProgramData\3CF86374-4787-0
Deleted C:\ProgramData\3CF86374-4737-1
Deleted C:\ProgramData\3CF86374-4685-1
Deleted C:\ProgramData\3CF86374-4561-1
Deleted C:\ProgramData\3CF86374-42B7-0
Deleted C:\ProgramData\3CF86374-42A7-0
Deleted C:\ProgramData\3CF86374-4105-0
Deleted C:\ProgramData\3CF86374-3D63-1
Deleted C:\ProgramData\3CF86374-3CC3-0
Deleted C:\ProgramData\3CF86374-3BF1-0
Deleted C:\ProgramData\3CF86374-38A3-1
Deleted C:\ProgramData\3CF86374-3793-0
Deleted C:\ProgramData\3CF86374-3635-0
Deleted C:\ProgramData\3CF86374-35E7-1
Deleted C:\ProgramData\3CF86374-3471-0
Deleted C:\ProgramData\3CF86374-3447-0
Deleted C:\ProgramData\3CF86374-3155-1
Deleted C:\ProgramData\3CF86374-2F53-0
Deleted C:\ProgramData\3CF86374-2917-1
Deleted C:\ProgramData\3CF86374-2713-0
Deleted C:\ProgramData\3CF86374-2235-1
Deleted C:\ProgramData\3CF86374-2043-1
Deleted C:\ProgramData\3CF86374-2027-1
Deleted C:\ProgramData\3CF86374-17D7-0
Deleted C:\ProgramData\3CF86374-14E5-1
Deleted C:\ProgramData\3CF86374-1423-1
Deleted C:\ProgramData\3CF86374-1315-0
Deleted C:\ProgramData\3CF86374-1077-0
Deleted C:\ProgramData\3CF86374-0C37-1
Deleted C:\ProgramData\3CF86374-08C3-0
Deleted C:\ProgramData\3CF86374-0887-1
Deleted C:\ProgramData\3CF86374-06D7-1
Deleted C:\ProgramData\3CF86374-0545-1
Deleted C:\ProgramData\3CF86374-04C5-1
Deleted C:\ProgramData\3CF86374-03C7-0
Deleted C:\ProgramData\3CF86374-0195-1
Deleted C:\ProgramData\3CF86374-0185-1
Deleted C:\ProgramData\39E0E970-5FE1-0
Deleted C:\ProgramData\39E0E970-5581-1
Deleted C:\ProgramData\39E0E970-5141-1
Deleted C:\ProgramData\39E0E970-5063-1
Deleted C:\ProgramData\39E0E970-45A3-0
Deleted C:\ProgramData\39E0E970-2607-0
Deleted C:\ProgramData\39E0E970-22C1-0
Deleted C:\ProgramData\39E0E970-2241-1
Deleted C:\ProgramData\39E0E970-1267-0
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Users\Gert Jan \AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\ProgramData\Jetmedia
Deleted C:\Program Files\Jetmedia
Deleted C:\ProgramData\IObit\ASCDownloader
Deleted C:\ProgramData\Mail.Ru
Deleted C:\Program Files (x86)\Mail.Ru
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru
Deleted C:\Users\Gert Jan \AppData\Local\Mail.Ru
Deleted C:\Program Files\My Web Shield
Deleted C:\Users\Gert Jan \AppData\Roaming\OneSystemCare
Deleted C:\Program Files (x86)\Smart Application Controller
Deleted C:\Users\Gert Jan \AppData\Roaming\Smart Application Controller

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
Deleted C:\Users\Gert Jan \Favorites\Mail.Ru ????? - ????????? ??? ???????!.url
Deleted C:\Users\Gert Jan \Favorites\Mail.Ru.url
Deleted C:\Windows\System32\drivers\mwescontroller.sys
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manager.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Checker64
Deleted C:\Windows\System32\Tasks\OneSystemCare Task

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|notepad3k
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\notepad3k
Deleted HKCU\Software\notepad3k
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68bc8e78}
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Wow6432Node\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKLM\Software\Wow6432Node\Jetmedia
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Checker64
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mweshield
Deleted HKLM\Software\mweshield
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}
Deleted HKLM\Software\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}
Deleted HKLM\Software\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
Deleted HKLM\Software\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
Deleted HKLM\Software\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
Deleted HKLM\Software\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted HKLM\Software\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted HKLM\Software\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c981894e-c8ac-4446-86a5-f810d9994235}|NameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c981894e-c8ac-4446-86a5-f810d9994235}|DhcpNameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c06f4903-413e-49d6-8880-dff800db7ddb}|NameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c06f4903-413e-49d6-8880-dff800db7ddb}|DhcpNameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{777ebc06-dfd8-4c3a-88f5-ada87c45f4c3}|NameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cf2ef7c-b538-43f3-8cad-ec8c87273ecd}|NameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cf2ef7c-b538-43f3-8cad-ec8c87273ecd}|DhcpNameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|NameServer - "82.163.143.176"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c981894e-c8ac-4446-86a5-f810d9994235}|NameServer - "82.163.142.178"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c06f4903-413e-49d6-8880-dff800db7ddb}|NameServer - "82.163.142.178"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{777ebc06-dfd8-4c3a-88f5-ada87c45f4c3}|NameServer - "82.163.142.178"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5cf2ef7c-b538-43f3-8cad-ec8c87273ecd}|NameServer - "82.163.142.178"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|NameServer - "82.163.142.178"
Deleted HKCU\Software\AppDataLow\Software\Mail.Ru
Deleted HKU\S-1-5-18\Software\Mail.Ru
Deleted HKCU\Software\Mail.Ru
Deleted HKU\.DEFAULT\Software\Mail.Ru
Deleted HKLM\Software\Wow6432Node\Mail.Ru
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO
Deleted HKCU\Software\One System Care
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneSystemCare Task

***** [ Chromium (and derivatives) ] *****

Not Deleted ?????????? ???????? Mail.Ru
Not Deleted ???????? ???????? Mail.Ru
Not Deleted ????? Mail.Ru

***** [ Chromium URLs ] *****

Not Deleted http://mail.ru/cnt/10445?gp=843051
Not Deleted http://mail.ru/cnt/10445?gp=843051

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########