# ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2023-07-19.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 12-06-2023 # Duration: 00:00:02 # OS: Windows 7 Service Pack 1 # Cleaned: 64 # Failed: 0 ***** [ Services ] ***** Deleted SparkSvc Deleted SparkUpdater ***** [ Folders ] ***** Deleted C:\Program Files (x86)\UCBrowser Deleted C:\ProgramData\SecuritySuite Deleted C:\Users\Public\Documents\pc faster Deleted C:\Users\dd\AppData\Local\UCBrowser Deleted C:\Users\dd\AppData\Local\torch Deleted C:\Users\dd\AppData\Roaming\Hola Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\UCBrowser Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV ***** [ Files ] ***** Deleted C:\Windows\System32\drivers\webshieldfilter.sys ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\SPARKUPDATER Deleted C:\Windows\System32\Tasks\UCBROWSERUPDATERCORE Deleted C:\Windows\Tasks\UCBROWSERUPDATERCORE.JOB ***** [ Registry ] ***** Deleted HKCU\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM Deleted HKCU\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML Deleted HKCU\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT Deleted HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM Deleted HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML Deleted HKCU\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP Deleted HKCU\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT Deleted HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark Deleted HKCU\Software\SSProtect Deleted HKLM\SOFTWARE\Classes\*\shell\TotalAV Deleted HKLM\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM Deleted HKLM\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML Deleted HKLM\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT Deleted HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM Deleted HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML Deleted HKLM\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP Deleted HKLM\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT Deleted HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML Deleted HKLM\SOFTWARE\Classes\Applications\torch-browser_65-0-0-1617_fr_418134.exe Deleted HKLM\SOFTWARE\Classes\UCHTML Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B77E5E-D546-4463-BD7E-9444F3CE7F0F} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2DC599C-D8C3-40DB-9216-D8419097B9F7} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkUpdater Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\Software\Classes\totalav Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKLM\Software\Wow6432Node\\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Spark Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV Deleted HKLM\Software\{DAF8B7E5-449D-4180-8281-10E536E597F2} Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService ***** [ Chromium (and derivatives) ] ***** Deleted Avira SafeSearch Plus - ipmkfpcnmccejididiaagpgchgjfajgp ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** Deleted Video Downloader professional - ffext_basicvideoext@startpage24 ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [6988 octets] - [06/12/2023 14:25:52] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########