# ------------------------------- # Malwarebytes AdwCleaner 7.2.0.0 # ------------------------------- # Build: 06-05-2018 # Database: 2018-06-15.3 # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-18-2018 # Duration: 00:00:07 # OS: Windows 7 Ultimate # Cleaned: 52 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Users\deckx\AppData\Local\VirtualStore\ProgramData\Tencent Deleted C:\ProgramData\PARETOLOGIC Deleted C:\Users\deckx\AppData\Roaming\PARETOLOGIC ***** [ Files ] ***** Deleted C:\ProgramData\xdo.zip Deleted C:\ProgramData\webad.xml ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKU\S-1-5-18\SOFTWARE\AA11766496ECB13683B47973E291581A Deleted HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\SOFTWARE\d2be3e6d11846430c067fc874a79f583 Deleted HKU\.DEFAULT\SOFTWARE\AA11766496ECB13683B47973E291581A Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpSvc Deleted HKCU\Software\ParetoLogic Deleted HKLM\Software\Wow6432Node\ParetoLogic Deleted HKCU\Software\PopWnd Deleted HKU\S-1-5-18\Software\UpgSvr Deleted HKCU\Software\UpgSvr Deleted HKU\.DEFAULT\Software\UpgSvr Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3377807318-2724434003-2614323792-1000\Products\44e6d02e296c92344d59752e99f63cde Deleted HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95} Deleted HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A} Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMSoftExt Deleted HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMSoftExt Deleted HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall Deleted HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan Deleted HKLM\Software\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe Deleted HKLM\SOFTWARE\Classes\.qbox Deleted HKLM\Software\Wow6432Node\RegisteredApplications|Yeaplayer Deleted HKLM\SOFTWARE\RegisteredApplications|Yeaplayer Deleted HKLM\Software\Wow6432Node\Clients\Media\yeaplayer Deleted HKLM\SOFTWARE\Clients\Media\yeaplayer Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0} Deleted HKLM\Software\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1} Deleted HKLM\Software\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975} Deleted HKLM\Software\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81} Deleted HKLM\Software\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{754DF2CE-51E8-4895-B53C-6381418B84AE} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{63332668-8CE1-445D-A5EE-25929176714E} Deleted HKLM\Software\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9} Deleted HKLM\Software\Classes\CLSID\{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9} Deleted HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904} Deleted HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8} Deleted HKLM\Software\Classes\TypeLib\{C69276F0-9BC1-404F-8566-FCB14D0ED4B8} Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO Deleted HKLM\Software\Reimage Deleted HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCFCC2EC-3F33-45A8-8ADF-A6C81F11232F} Deleted HKCU\Software\Yeaplayer ***** [ Chromium (and derivatives) ] ***** Deleted ???????? ???????? Mail.Ru Deleted ???????? ???????? Mail.Ru Deleted ???????? ???????? Mail.Ru ***** [ Chromium URLs ] ***** Deleted ask.com ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [6052 octets] - [18/06/2018 19:07:31] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########