# ------------------------------- # Malwarebytes AdwCleaner 7.2.5.0 # ------------------------------- # Build: 11-26-2018 # Database: 2018-12-07.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 12-13-2018 # Duration: 00:00:18 # OS: Windows 10 Home # Cleaned: 75 # Failed: 1 ***** [ Services ] ***** Deleted hola_updater Deleted hola_svc ***** [ Folders ] ***** Deleted C:\ProgramData\IObit\Advanced SystemCare Deleted C:\Users\guebe\AppData\Roaming\IObit\Advanced SystemCare Deleted C:\Users\Public\Documents\Downloaded Installers Deleted C:\Users\guebe\AppData\Local\YSearchUtil Not Deleted C:\Program Files\Hola Deleted C:\Windows\System32\sstmp Deleted C:\Windows\System32\SSL Deleted C:\Users\guebe\AppData\Local\DownloadManager Deleted C:\Program Files (x86)\UCBrowser ***** [ Files ] ***** Deleted C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url Deleted C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url Deleted C:\Users\guebe\Favorites\Booking.com.url Deleted C:\Users\guebe\Downloads\Hola-Setup.exe Deleted C:\Users\guebe\AppData\Roaming\Mozilla\Firefox\Profiles\84xbquz4.default\invalidprefs.js Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk Deleted C:\Windows\System32\LavasoftTcpService64.dll Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll Deleted C:\Windows\System32\drivers\swdumon.sys Deleted C:\Users\guebe\AppData\Roaming\Installer.dat ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\UCBrowserSecureUpdater Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler ***** [ Registry ] ***** Deleted HKLM\Software\Classes\tsckmna Deleted HKLM\SOFTWARE\Classes\UCHTML Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare Deleted HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943 Deleted HKU\S-1-5-18\Software\AppDataLow\Software\Amazon\AmazonAssistant Deleted HKU\.DEFAULT\Software\AppDataLow\Software\Amazon\AmazonAssistant Deleted HKLM\Software\Wow6432Node\AppDataLow\Software\Amazon\AmazonAssistant Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll Deleted HKLM\Software\Wow6432Node\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06} Deleted HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06} Deleted HKLM\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted HKLM\Software\Microsoft\CasterDate Deleted HKCU\Software\dlr Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hola Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola Deleted HKCU\Software\Hola Deleted HKLM\Software\Hola Deleted HKCU\Software\PopWnd Deleted HKU\S-1-5-18\Software\UpgSvr Deleted HKCU\Software\UpgSvr Deleted HKU\.DEFAULT\Software\UpgSvr Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|KuaiZip Shell Extension Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj Deleted HKLM\Software\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} Deleted HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted HKLM\Software\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} Deleted HKLM\Software\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} Deleted HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} Deleted HKLM\Software\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} Deleted HKLM\Software\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4D12043C-2763-46DB-9FB4-84E5A460C436} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D12043C-2763-46DB-9FB4-84E5A460C436} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E74BF97-B8E9-4EB8-ABD2-8A132EA8E027} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore Deleted HKLM\Software\Reimage Deleted HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} Deleted HKU\S-1-5-18\Software\Lavasoft\Web Companion Deleted HKU\.DEFAULT\Software\Lavasoft\Web Companion ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** Deleted IObit Surfing Protection & Ads Removal ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [8166 octets] - [13/12/2018 20:22:54] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########