# AdwCleaner v6.046 - Logfile created 02/05/2017 at 01:27:16
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : TYBA CAFE - TYBACAFE-PC
# Running from : C:\Users\TYBA CAFE\Desktop\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: MasSvc_{MaxthonAppStore_1.1.0.10848}

***** [ Folders ] *****

Folder Found: C:\Users\TYBA CAFE\AppData\LocalLow\IObit\Advanced SystemCare
Folder Found: C:\Users\TYBA CAFE\AppData\Roaming\IObit\Advanced SystemCare
Folder Found: C:\Program Files\Hola
Folder Found: C:\ProgramData\IObit\ASCDownloader
Folder Found: C:\ProgramData\IObit\Advanced SystemCare
Folder Found: C:\ProgramData\Application Data\IObit\ASCDownloader
Folder Found: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Folder Found: C:\Users\Public\Documents\Guid
Folder Found: C:\Program Files (x86)\IObit\Advanced SystemCare
Folder Found: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ScreenSnapshotTool
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Folder Found: C:\Users\TYBA CAFE\AppData\Roaming\Mozilla\Firefox\Profiles\877kdp4p.default-1458949860277\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Files ] *****

File Found: C:\Users\TYBA CAFE\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_notehomepage.dl.tb.ask.com_0.localstorage
File Found: C:\Users\TYBA CAFE\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_nova.rambler.ru_0.localstorage
File Found: C:\Users\TYBA CAFE\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_search.newtabtvsearch.com_0.localstorage
File Found: C:\Users\TYBA CAFE\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_ttdetect.staticimgfarm.com_0.localstorage

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

Shortcut infected: C:\Users\Public\Desktop\Google Chrome.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%3D%3D )
Shortcut infected: C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%3D%3D )
Shortcut infected: C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%3D%3D )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%3D%3D )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%3D%3D )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Maxthon Cloud Browser.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMww
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%2BDZWaMwwqg%3D%3D
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i4h%
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5a
Shortcut infected: C:\Users\TYBA CAFE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxps://launchpage.org/?uid=oTlKGGjMhx0cXWEzogOQNFcIVtuT2KFXCYywn4sezHYevm5aLFuH4i

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
Key Found: HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu
Key Found: [x64] HKLM\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1
Key Found: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKU\.DEFAULT\Software\Hola
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\Hola
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\Yahoo\Companion
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\Yahoo\YFriendsBar
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\csastats
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\ICSW1.23
Key Found: HKU\S-1-5-21-441084707-1445331647-454265335-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found: HKU\S-1-5-18\Software\Hola
Key Found: HKCU\Software\Hola
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\Yahoo\Companion
Key Found: HKCU\Software\Yahoo\YFriendsBar
Key Found: HKCU\Software\csastats
Key Found: HKCU\Software\ICSW1.23
Key Found: HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found: HKLM\SOFTWARE\Yahoo\Companion
Key Found: HKLM\SOFTWARE\IOBIT\ASC
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Key Found: [x64] HKCU\Software\Hola
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\Yahoo\Companion
Key Found: [x64] HKCU\Software\Yahoo\YFriendsBar
Key Found: [x64] HKCU\Software\csastats
Key Found: [x64] HKCU\Software\ICSW1.23
Key Found: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found: [x64] HKLM\SOFTWARE\{61FFE1F9-137D-4c31-A181-3415FCAA5946}
Key Found: [x64] HKLM\SOFTWARE\Hola
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\hola
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Key Found: HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Key Found: HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Key Found: HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Key Found: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [9319 Bytes] - [02/05/2017 01:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9392 Bytes] ##########