# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-04-2018
# Duration: 00:00:11
# OS: Windows 8.1 Pro
# Cleaned: 101
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\ErrorFixKIT
Deleted C:\Users\noble\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ErrorFix Kit
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Public\Documents\Guid
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre d'outils Crawler
Deleted C:\ProgramData\NERO\NERO TUNEITUP
Deleted C:\Program Files (x86)\NERO\NERO TUNEITUP
Deleted C:\Users\noble\AppData\Roaming\PARETOLOGIC
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
Deleted C:\Users\noble\AppData\Roaming\Solvusoft
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService

***** [ Files ] *****

Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\Users\Public\Desktop\NERO TUNEITUP.LNK

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://www.youndoo.com/?z=120f8ebb755980fda2c1364gcz4b6e1q7mdz5e2o7e&from=wak&uid=ST500DM002-1BD142_W2AJ8FQ0XXXXW2AJ8FQ0&type=hp
Deleted http://www.youndoo.com/?z=120f8ebb755980fda2c1364gcz4b6e1q7mdz5e2o7e&from=wak&uid=ST500DM002-1BD142_W2AJ8FQ0XXXXW2AJ8FQ0&type=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [11651 octets] - [04/11/2018 12:09:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########