# ------------------------------- # Malwarebytes AdwCleaner 8.0.4.0 # ------------------------------- # Build: 04-03-2020 # Database: 2020-04-08.2 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 04-09-2020 # Duration: 00:00:07 # OS: Windows 10 Home # Cleaned: 53 # Failed: 0 ***** [ Services ] ***** Deleted WCAssistantService ***** [ Folders ] ***** Deleted C:\Program Files (x86)\Lavasoft\Web Companion Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion Deleted C:\ProgramData\CloudPrinter Deleted C:\ProgramData\Lavasoft\Web Companion Deleted C:\ProgramData\Logic Cramble Deleted C:\ProgramData\Microleaves Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion Deleted C:\ProgramData\Quoteexs Deleted C:\Users\dawid\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG Deleted C:\Users\dawid\AppData\Roaming\Lavasoft\Web Companion Deleted C:\Users\dawid\AppData\Roaming\Microleaves Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} ***** [ Files ] ***** Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} Deleted C:\Windows\SysWOW64\findit.xml ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Environment|SNF Deleted HKCU\Environment|SNP Deleted HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vshare.io Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vshare.io Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\warthunder.com Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted HKCU\Software\PRODUCTSETUP Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Multitimer Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKLM\Software\Wow6432Node\Microleaves Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14f6d027-28dd-44b6-8597-87596e43b750}|DisplayIcon Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14f6d027-28dd-44b6-8597-87596e43b750}|DisplayName Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14f6d027-28dd-44b6-8597-87596e43b750}|UninstallString Deleted HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1 Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} Deleted HKLM\Software\Wow6432Node\mtQuoteex Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014} Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014} Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\dawid\AppData\Roaming\SAMSUNG\SMART SWITCH PC ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [6804 octets] - [09/04/2020 09:20:02] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########