
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-04-2018
# Duration: 00:00:11
# OS: Windows 8.1 Pro
# Cleaned: 101
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\ErrorFixKIT
Deleted C:\Users\noble\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ErrorFix Kit
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Public\Documents\Guid
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre d'outils Crawler
Deleted C:\ProgramData\NERO\NERO TUNEITUP
Deleted C:\Program Files (x86)\NERO\NERO TUNEITUP
Deleted C:\Users\noble\AppData\Roaming\PARETOLOGIC
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
Deleted C:\Users\noble\AppData\Roaming\Solvusoft
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService

***** [ Files ] *****

Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\Users\Public\Desktop\NERO TUNEITUP.LNK

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Installer
Deleted HKCU\SOFTWARE\128D9A03C486746FBC70D8E7C6C18FB9
Deleted HKLM\Software\Wow6432Node\128D9A03C486746FBC70D8E7C6C18FB9
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|msiql
Deleted HKCU\Software\dlr
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CommonToolkitTray_Solvusoft
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|MalwareProtectionLive
Deleted HKCU\Software\SNDA
Deleted HKCU\Software\AutoTime
Deleted HKCU\Software\CoinisRevShare
Deleted HKCU\Software\CToolbar
Deleted HKCU\Software\PopWnd
Deleted HKCU\Software\SecuredDownload
Deleted HKU\S-1-5-18\Software\UpgSvr
Deleted HKCU\Software\UpgSvr
Deleted HKU\.DEFAULT\Software\UpgSvr
Deleted HKLM\Software\Wow6432Node\Classes\AppID\QZipShell.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
Deleted HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
Deleted HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|KuaiZip Shell Extension
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost|kuaizipupdatesvc
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Deleted HKLM\Software\Wow6432Node\Classes\PROTOCOLS\Handler\tbr
Deleted HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
Deleted HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
Deleted HKLM\Software\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
Deleted HKLM\Software\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}
Deleted HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}
Deleted HKLM\Software\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}
Deleted HKLM\Software\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Deleted HKLM\Software\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Deleted HKLM\Software\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Deleted HKLM\Software\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Deleted HKLM\Software\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Deleted HKLM\Software\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Deleted HKLM\Software\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Deleted HKLM\Software\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Deleted HKLM\Software\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Deleted HKLM\Software\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Deleted HKLM\Software\Wow6432Node\NERO\nero_tuneitup
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{849FFDD9-DFDB-493D-BFF1-B0E2C76A8AEE}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{20110ECF-1C68-4E61-BA8E-8CA0B0F0F53A}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2A6A8E92-38D7-4432-9067-6E1735B31165}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{139AAF02-CE25-4FF3-B0BA-873E0DC9F9F9}
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\DtsEncodeTools
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://www.youndoo.com/?z=120f8ebb755980fda2c1364gcz4b6e1q7mdz5e2o7e&from=wak&uid=ST500DM002-1BD142_W2AJ8FQ0XXXXW2AJ8FQ0&type=hp
Deleted http://www.youndoo.com/?z=120f8ebb755980fda2c1364gcz4b6e1q7mdz5e2o7e&from=wak&uid=ST500DM002-1BD142_W2AJ8FQ0XXXXW2AJ8FQ0&type=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [11651 octets] - [04/11/2018 12:09:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
