Native Log

The document details the removal of files and registry keys from a computer deemed to contain malware. Many files and registry values are removed or deleted from various locations on the system during the cleaning process.

Uploaded by Abdrabu Abdallah

EnigmaSoft Limited, LLC

Initiating SpyHunter 5.0 Custom Removal Operation...


Running in MiniWin mode...

Restoring boot order...


No need to restore (single boot)
Found fix file: c:\spyhunter.fix
Removing file c:\Program Files\favism1\Setup1.exe
Success
Removing file c:\Users\aan.BINA\AppData\Roaming\jdshtds
Success
Removing file c:\Users\aan.BINA\AppData\Local\385515d5-64b3-4022-b51a-7e394920de76\test3_0106.bmp.exe
Access Denied on: \??\c:\Users\aan.BINA\AppData\Local\385515d5-64b3-4022-b51a-7e394920de76\test3_0106.bmp.exe
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\WindowsUpdate\c.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\WindowsUpdate\a.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\WindowsUpdate\b.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\WindowsUpdate\xmrstak_opencl_backend.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\WindowsUpdate\xmrstak_cuda_backend.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\WindowsUpdate\xmrstak_cuda_backend_cuda10_0.dll
Success
Deleting registry value
hive: windows\system32\config\software
key: Machiner\
value: 3_tag
Load hive fail 7
c:\windows\system32\config\software could not be loaded. Error: C000014C
Registry exception.
Releasing Registry...
Restoring registry hives...
Registry restore
Delete: "\device\harddiskvolume6\windows\system32\config\sam" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19346" to: "\device\harddiskvolume6\windows\system32\config\sam" Status=0
Delete: "\device\harddiskvolume6\windows\system32\config\security" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19347" to: "\device\harddiskvolume6\windows\system32\config\security" Status=0
Delete: "\device\harddiskvolume6\windows\system32\config\default" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19348" to: "\device\harddiskvolume6\windows\system32\config\default" Status=0
Delete: "\device\harddiskvolume6\windows\system32\config\system" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19349" to: "\device\harddiskvolume6\windows\system32\config\system" Status=0
Delete: "\device\harddiskvolume6\windows\system32\config\software" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19350" to: "\device\harddiskvolume6\windows\system32\config\software" Status=0
Delete: "\device\harddiskvolume6\windows\serviceprofiles\networkservice\ntuser.dat" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19351" to: "\device\harddiskvolume6\windows\serviceprofiles\networkservice\ntuser.dat" Status=0
Delete: "\device\harddiskvolume6\windows\serviceprofiles\localservice\ntuser.dat" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19352" to: "\device\harddiskvolume6\windows\serviceprofiles\localservice\ntuser.dat" Status=0
Delete: "\device\harddiskvolume6\users\aan.bina\ntuser.dat" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19353" to: "\device\harddiskvolume6\users\aan.bina\ntuser.dat" Status=0
Delete: "\device\harddiskvolume6\users\aan.bina\appdata\local\microsoft\windows\usrclass.dat" Status=0
Move : "\??\C:\hDVfPZk6sNIwTvvA\hDVfPZk6sNIwTvvA\ESG_RegBk_19354" to: "\device\harddiskvolume6\users\aan.bina\appdata\local\microsoft\windows\usrclass.dat" Status=0
Error: C000014C
Deleting registry value
hive: windows\system32\config\software
key: Machiner\
value: did
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: Machiner\
value: id
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: Machiner\
value: k_tag
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: Machiner\
value: s_t
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: Machiner\
value: tag
Skipping item (registry exception)
Removing file c:\Users\aan.BINA\AppData\Roaming\utshtds
Success
Removing file c:\windows\system32\wawlrptk\qptrntul.exe
Success
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: Description
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: DisplayName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: ErrorControl
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: ImagePath
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: ObjectName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: Start
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
value: Type
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: Description
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: DisplayName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: ErrorControl
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: ImagePath
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: ObjectName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: Start
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
value: Type
Skipping item (registry exception)
Removing file c:\WINDOWS\System32\Tasks\Time Trigger Task
Failed to remove readonly, status=C0000034
Not found
Deleting registry value
hive: windows\system32\config\software
key: MicroRay\
value: ray
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: wsxy\
value: hash
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\EventLog\Application\SNARE\
value: CategoryCount
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\EventLog\Application\SNARE\
value: EventMessageFile
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Services\EventLog\Application\SNARE\
value: TypesSupported
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\EventLog\Application\SNARE\
value: CategoryCount
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\EventLog\Application\SNARE\
value: EventMessageFile
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Services\EventLog\Application\SNARE\
value: TypesSupported
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: mbs_install\
value: channel
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: mbs_install\
value: version
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: XOB\
value: T
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: XOB\
value: Z
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: Microsoft\
value: help
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: {DAF8B7E5-449D-4180-8281-10E536E597F2}\
value:
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\software
key: {DAF8B7E5-449D-4180-8281-10E536E597F2}\
value: it
Skipping item (registry exception)
Removing file c:\Program Files\Deskshare\Hilaenumaega.exe
Success
Moving file
from c:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences.esgfix
to c:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
Success
Removing file c:\Program Files\Internet Download Manager\‫سن‬àëèٍü IDM.exe
Success
Removing file c:\Program Files\Adobe\Acrobat Reader DC\Reader\amtlib.dll
Success
Removing file c:\Users\aan.BINA\Desktop\Adobe Acrobat\Adobe Acrobat\amtlib.dll
Success
Removing file c:\Program Files\Adobe\Acrobat Reader DC\Reader\amtlib.dll.DEL
Success
Removing file c:\Program Files\DefenderControl\dControl.exe
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\.minecraft\versions\1.13\natives\lwjgl_stb32.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\.minecraft\versions\1.13.2\natives\lwjgl_stb32.dll
Success
Removing file c:\Users\aan.BINA\aan\AppData\Roaming\.minecraft\versions\OptiFine 1.13.2\natives\lwjgl_stb32.dll
Success
Removing file c:\ProgramData\Garbage Cleaner\Bunifu_UI_v1.5.3.dll
Success
Removing file c:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe.rrcc
Success
Removing file c:\Program Files\58DB7A7C_jumpeasy\tmpD221.tmp.dat.[6D65C167].[[email protected]].CARLOS
Success
Removing file c:\Program Files\favism1\Microsoft Toolkit.exe
Success
Removing file c:\Users\aan.BINA\Downloads\Programs\FortniteInstaller_4206043312.exe.rrcc
Success
Removing file c:\Users\aan.BINA\Downloads\Programs\roblox_2331538432.exe.rrcc
Success
Removing file c:\Users\aan.BINA\Downloads\Programs\roblox_0063631534.exe.rrcc
Success
Removing file c:\Users\aan.BINA\Downloads\vlc_media_player_2rTQ-M1.exe.rrcc
Success
Removing file c:\Program Files\4Videosoft Studio\4Videosoft Android Data Recovery\Patch.exe
Success
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\
value: Description
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\
value: FriendlyName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\
value: Description
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\
value: FriendlyName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\
value: Description
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\
value: FriendlyName
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\
value: Description
Skipping item (registry exception)
Deleting registry value
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\
value: FriendlyName
Skipping item (registry exception)
Removing file c:\Program Files\EaseUS\EaseUS Data Recovery Wizard\(32-Bit) EDRW Patcher v1.1.exe
Success
Removing file c:\Program Files\EaseUS\EaseUS Data Recovery Wizard\(64-Bit) EDRW Patcher v1.1.exe
Success
Deleting registry value
hive: windows\system32\config\software
key: Classes\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}\
value:
Skipping item (registry exception)
Removing directory c:\Users\Administrator\AppData\Roaming\Elex-tech
Success
Removing directory c:\Users\aan.BINA\AppData\Local\385515d5-64b3-4022-b51a-7e394920de76
Success
Removing directory c:\ProgramData\VideoMemoryDiagnostic
Success
Removing directory c:\ProgramData\TranslateService
Success
Removing directory c:\ProgramData\SystemNetwork
Success
Removing directory c:\ProgramData\Garbage Cleaner
Success
Removing directory c:\ProgramData\ErrorResponder
Success
Removing directory c:\Program Files\MachinerData
Success
Removing directory c:\Program Files\58DB7A7C_jumpeasy
Success
Removing directory c:\Program Files\58CCF617_cacayima
Success
Removing directory c:\Program Files\58C92B9D_cacayima
Success
Removing directory c:\Program Files\58C681A2_cacayima
Success
Removing directory c:\Program Files\58C177EF_cacayima
Success
Removing directory c:\Program Files\58BEBCA8_cacayima
Success
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Services\wawlrptk\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Services\EventLog\Application\SNARE\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\4f971e89-eebd-4455-a8de-9e59040e7347\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\245d8541-3943-4422-b025-13a784f679b7\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\4f971e89-eebd-4455-a8de-9e59040e7347\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\245d8541-3943-4422-b025-13a784f679b7\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Services\wawlrptk\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Services\EventLog\Application\SNARE\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\4f971e89-eebd-4455-a8de-9e59040e7347\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\245d8541-3943-4422-b025-13a784f679b7\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\4f971e89-eebd-4455-a8de-9e59040e7347\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\245d8541-3943-4422-b025-13a784f679b7\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\system
key: ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: {DAF8B7E5-449D-4180-8281-10E536E597F2}\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Zerkaphhiguk\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: XOB\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: wsxy\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: MICROSOFT\TechnologyDesktopnew\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: MICROSOFT\Speedycar\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Microsoft\shutdowntimecampaign5651\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: MICROSOFT\multitimercampaign84170\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Microsoft\FstCar\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Microsoft\DskFX\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: MICROSOFT\campaign9961\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Microsoft\bestavicampaign563\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Microsoft\avboostcampaign114\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: MicroRay\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: mbs_install\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Machiner\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Classes\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}\InprocServer32\
Skipping item (registry exception)
Deleting registry key
hive: windows\system32\config\software
key: Classes\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}\
Skipping item (registry exception)
Removing file c:\program files\recovermotion\yownfatw\ieskuanime_utils.dll
Access Denied on: \??\c:\program files\recovermotion\yownfatw\ieskuanime_utils.dll
Success
Disabling scheduled task Ztzxawpnv
Skipping item (not implemented)
Finished executing customfix
Process finished...
