# ------------------------------- # Malwarebytes AdwCleaner 7.2.5.0 # ------------------------------- # Build: 11-26-2018 # Database: 2018-12-19.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 12-20-2018 # Duration: 00:00:20 # OS: Windows 7 Ultimate # Cleaned: 115 # Failed: 1 ***** [ Services ] ***** Deleted WCAssistantService ***** [ Folders ] ***** Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freeTVRadio Deleted C:\Program Files (x86)\freeTVRadio Deleted C:\Users\Didier\AppData\Roaming\freeTVRadio Deleted C:\Users\Didier\AppData\Local\freetvradio Air Deleted C:\Users\Didier\AppData\Roaming\FissaSearch Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKLM\Software\Classes\bbylntlbr.bbylntlbrHlpr Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\babylon.com Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutUrls|Tabs Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKCU\Software\YahooPartnerToolbar Deleted HKCU\Software\Spointer Deleted HKCU\Software\freeTVRadio Deleted HKLM\Software\Wow6432Node\freeTVRadio Deleted HKCU\Software\FissaSearch Deleted HKLM\Software\Wow6432Node\FissaSearch Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38470B46-9BF1-40AE-A588-F6AD6D1C2D42} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1 Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\698B1BCDAEA97B945AE4001A96F1E755 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67909B00FA069BE4E80548738FE558FB Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64B074831FB9EA045A886FDAD6C1D224 Deleted HKLM\Software\Classes\Installer\Products\64B074831FB9EA045A886FDAD6C1D224 Deleted HKLM\Software\Classes\Installer\Features\64B074831FB9EA045A886FDAD6C1D224 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B2F30BE10C5A9DD43A593262265CA298 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48A0552292E14244E8F3980FD3D01541 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C Deleted HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C Deleted HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\503398D5204CBDD48A5EE476D0CFCFEC Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BDF578D2C71DDC4997692F83B0A5C75 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5B4758C25396ECF468E04F8E063287FF Deleted HKLM\Software\Classes\Installer\UpgradeCodes\5B4758C25396ECF468E04F8E063287FF Deleted HKLM\Software\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF Deleted HKLM\Software\Classes\Installer\Features\5B4758C25396ECF468E04F8E063287FF Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9ED6CAB2F119182EB7D8CE7156DC0915 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3D6A80A87E22324A91C14AEBDF78525 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E6611210321F8640B41F98B10A8BD0A Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ADFBDCA3E069A47B07ECC2CED1E2B2 Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive Deleted HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL Deleted HKLM\SOFTWARE\Classes\AppID\escort.DLL Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FA417304-519C-4278-9155-9B6562942C39} Deleted HKLM\Software\Classes\Interface\{FA417304-519C-4278-9155-9B6562942C39} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{F5419E28-D7D4-4B5E-89D4-008BC67B51B4} Deleted HKLM\Software\Classes\TypeLib\{F5419E28-D7D4-4B5E-89D4-008BC67B51B4} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{F46EF622-9190-44FF-A3EF-FC1DDD82BC65} Deleted HKLM\Software\Classes\TypeLib\{F46EF622-9190-44FF-A3EF-FC1DDD82BC65} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D5F775F6-8871-46A4-9521-68A9694B6830} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{D5F775F6-8871-46A4-9521-68A9694B6830} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0828293-E520-483A-816A-1B547C4AD7E6} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C20001AC-EA08-4185-A47F-423473FA96E6} Deleted HKLM\Software\Classes\Interface\{C20001AC-EA08-4185-A47F-423473FA96E6} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Deleted HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5312367-B3B5-4757-8247-B70184629B2B} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{A1F3BAED-C4B1-4E7D-9AD4-3FEAC1ABB06C} Deleted HKLM\Software\Classes\Interface\{A1F3BAED-C4B1-4E7D-9AD4-3FEAC1ABB06C} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{A1F3BAED-C4B1-4E7D-9AD4-3FEAC1ABB06C} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7C36E7FF-9860-4437-A5FF-B1349A43835B} Deleted HKLM\Software\Classes\Interface\{7C36E7FF-9860-4437-A5FF-B1349A43835B} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{7C36E7FF-9860-4437-A5FF-B1349A43835B} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{746B5408-3579-4CED-B76A-BEC915730F45} Deleted HKLM\Software\Classes\Interface\{746B5408-3579-4CED-B76A-BEC915730F45} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{746B5408-3579-4CED-B76A-BEC915730F45} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Deleted HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{596117CB-19F1-47B4-AA3A-CFF13970450A} Deleted HKLM\Software\Classes\Interface\{596117CB-19F1-47B4-AA3A-CFF13970450A} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4AF195E5-1978-4F8D-A316-5BCCE06D7F89} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{40038D23-8356-413E-95B5-4070C5D042FF} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{40038D23-8356-413E-95B5-4070C5D042FF} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{3763EE44-612E-457D-8932-F3E2BDE560D4} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3763EE44-612E-457D-8932-F3E2BDE560D4} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{303D092C-7A38-4F1A-BB61-4C5A90BDA313} Deleted HKLM\Software\Classes\TypeLib\{303D092C-7A38-4F1A-BB61-4C5A90BDA313} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{2D110684-626C-41A5-B737-9FA4613D7398} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{20B456BE-E93B-48C4-B8E8-876AC01E8A20} Deleted HKLM\Software\Classes\Interface\{20B456BE-E93B-48C4-B8E8-876AC01E8A20} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{20B456BE-E93B-48C4-B8E8-876AC01E8A20} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{1E5CEE40-211D-4FEF-B03F-6D784089A445} Deleted HKLM\Software\Classes\Interface\{1E5CEE40-211D-4FEF-B03F-6D784089A445} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Deleted HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Deleted HKLM\Software\Classes\Prod.cap Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com Deleted HKU\S-1-5-18\Software\Lavasoft\Web Companion Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKU\.DEFAULT\Software\Lavasoft\Web Companion Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Chromium (and derivatives) ] ***** Deleted Interest Recognizer for Freetvradio Deleted Interest Recognizer for Freetvradio Deleted bopakagnckmlgajfccecajhnimjiiedh ***** [ Chromium URLs ] ***** Deleted Fissa ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** Deleted http://www.bing.com/?pc=COSP&ptag=D082118-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799 Not Deleted fissa.com ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [13875 octets] - [20/12/2018 18:22:24] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########