# ------------------------------- # Malwarebytes AdwCleaner 7.2.7.0 # ------------------------------- # Build: 01-30-2019 # Database: 2019-03-25.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 03-29-2019 # Duration: 00:00:13 # OS: Windows 10 Home # Cleaned: 81 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service Deleted C:\Users\Public\App Explorer Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service Deleted C:\Users\Public\Pokki Deleted C:\Users\amado\AppData\Local\Host App Service Deleted C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com ***** [ Files ] ***** Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk Deleted C:\Windows\ServiceProfiles\LocalService\Desktop\App Explorer.lnk Deleted C:\Windows\ServiceProfiles\NetworkService\Desktop\App Explorer.lnk Deleted C:\Windows\System32\Tasks_Migrated\App Explorer Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant.lnk Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant.lnk Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant (2).lnk Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant (2).lnk Deleted C:\Users\amado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonAssistant.lnk Deleted C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url Deleted C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url Deleted C:\Users\amado\Favorites\Booking.com.url ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\App Explorer ***** [ Registry ] ***** Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Deleted HKCU\Software\Host App Service Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B21B283-16ED-4867-ABF7-15CAF389F57F} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer Deleted HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKU\S-1-5-18\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKU\.DEFAULT\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943 Deleted HKLM\Software\Wow6432Node\AppDataLow\Software\Amazon\AmazonAssistant Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\Amazon Assistant Service Deleted HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8} Deleted HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A} Deleted HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06} Deleted HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} Deleted HKLM\Software\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77} Deleted HKLM\Software\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9} Deleted HKLM\Software\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB} Deleted HKLM\Software\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2} Deleted HKLM\Software\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2} Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9} Deleted HKLM\Software\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C} Deleted HKLM\Software\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D} Deleted HKLM\Software\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205} Deleted HKLM\Software\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205} Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\titan.service.amazonbrowserapp.co.uk Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.co.uk Deleted HKCU\Software\SSProtect Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant ***** [ Chromium (and derivatives) ] ***** Deleted Amazon Assistant for Chrome Deleted Avira SafeSearch Plus ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** Deleted Amazon Assistant for Firefox ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [9869 octets] - [29/03/2019 19:37:09] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########