# ------------------------------- # Malwarebytes AdwCleaner 7.2.6.0 # ------------------------------- # Build: 12-18-2018 # Database: 2019-01-02.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 01-08-2019 # Duration: 00:00:07 # OS: Windows 7 Professional # Cleaned: 102 # Failed: 0 ***** [ Services ] ***** Deleted CRMSvc Deleted Windefender Deleted Nettrans Deleted backlh Deleted WCAssistantService Deleted Voyasollam ***** [ Folders ] ***** Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc Deleted C:\Users\hp\AppData\Roaming\CRMSvc Deleted C:\Program Files\Speedycar Deleted C:\ProgramData\Logic Cramble Deleted C:\Program Files\hUmbquBpttZU2 Deleted C:\Program Files\qUgzYKxVLnesC Deleted C:\Program Files\fHDlqDVwU Deleted C:\Program Files\ooxzIAzTqruiVIszQdR Deleted C:\Program Files\VKkhWVSisIE Deleted C:\Program Files\utzZkkanmIUn Deleted C:\ProgramData\Voyasollams Deleted C:\ProgramData\Voyasollam Deleted C:\Program Files\butler Deleted C:\Program Files\FastDataX Deleted C:\Users\hp\AppData\Roaming\EpicNet Inc Deleted C:\Users\hp\Desktop\DCE Deleted C:\ProgramData\PrefsSecure Deleted C:\Windows\Temp\Smartbar Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion Deleted C:\Users\hp\AppData\Local\WhiteClick Deleted C:\Users\hp\AppData\Roaming\WidModule ***** [ Files ] ***** Deleted C:\Users\hp\Downloads\DriverToolkitInstaller.exe Deleted C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml Deleted C:\Users\hp\appdata\local\installationconfiguration.xml Deleted C:\Users\hp\AppData\Local\Main.dat Deleted C:\Users\hp\AppData\Local\Temp\WhiteClick.exe Deleted C:\Windows\System32\findit.xml Deleted C:\Windows\System32\drivers\WinmonProcessMonitor.sys ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** Deleted C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk Deleted C:\Users\hp\Desktop\Google Chrome.lnk Deleted C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Deleted C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk Deleted C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Deleted C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk Deleted C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\ScheduledUpdate Deleted C:\Windows\System32\Tasks\SOVqgpLsuXhFCxp2 Deleted C:\Windows\System32\Tasks\iYMvCriySoqaGgPjbmR2 Deleted C:\Windows\System32\Tasks\DvwLFWwXutwLxJgmB2 Deleted C:\Windows\System32\Tasks\mMzvDpxKxjJVUr ***** [ Registry ] ***** Deleted HKLM\Software\CRMSvc Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D105DFE2-8DF6-4BA0-ABF1-392716658963} Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95A869FD-A72B-47C2-8CBA-416FF9CCFC25} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Speedycar Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speedycar_is1 Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE Deleted HKCU\Software\mtVoyasollam Deleted HKLM\Software\mtVoyasollam Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8 Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37282C4D-9E01-49D3-9A0D-308ACD0C3559} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SOVqgpLsuXhFCxp2 Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A051C2AB-051B-43AD-BD70-C2FAFE64A39E} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iYMvCriySoqaGgPjbmR2 Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F44DF4B4-5085-4892-8ADE-991E40B3FC3B} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DvwLFWwXutwLxJgmB2 Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{936EC811-9F56-4EFF-8B36-5A96F601B766} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{936EC811-9F56-4EFF-8B36-5A96F601B766} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mMzvDpxKxjJVUr Deleted HKLM\Software\Wow6432Node\ByteFence Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe Deleted HKCU\Software\drpsu Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1 Deleted HKCU\Software\FastDataX Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cloudnet Deleted HKCU\Software\EpicNet Inc. Deleted HKCU\Software\csastats Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\ielnksrch Deleted HKU\S-1-5-18\Environment|SNP Deleted HKU\.DEFAULT\Environment|SNP Deleted HKU\S-1-5-18\Software\Lavasoft\Web Companion Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKU\.DEFAULT\Software\Lavasoft\Web Companion Deleted HKLM\Software\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6} Deleted HKLM\Software\Classes\MailSearch.Helpers.AutoComplete Deleted HKLM\Software\Classes\MailSearch.MailSearchBandObject Deleted HKLM\Software\Classes\MailSearch.Installer Deleted HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute ***** [ Chromium (and derivatives) ] ***** Deleted Quick Searcher Deleted MSN Homepage & Bing Search Engine ***** [ Chromium URLs ] ***** Deleted WebSearch ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [9956 octets] - [08/01/2019 07:49:46] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########