# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-07.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-08-2018
# Duration: 00:00:18
# OS: Windows 7 Home Premium
# Cleaned: 155
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\B604CCB3
Deleted C:\Windows\Temp\APN-Stub
Deleted C:\Users\NGOC TRAC LE\AppData\Roaming\Microsoft\Windows\Start Menu\Video Converter
Deleted C:\Users\NGOC TRAC LE\AppData\Local\Mobogenie
Deleted C:\Users\NGOC TRAC LE\Documents\Mobogenie
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
Deleted C:\Program Files (x86)\VideoPlayer
Deleted C:\Program Files (x86)\VideoConverter

***** [ Files ] *****

Deleted C:\Users\NGOC TRAC LE\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Deleted C:\Users\NGOC TRAC LE\daemonprocess.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\4817

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b604ccb3}
Deleted HKLM\Software\Wow6432Node\5c0dfdeb63ce443
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce0B6B37A14A1C4DE2AFE27DBF855F5235
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUser075F270CC496489BB05C7BEC4D64FB2B
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D3A23BC-5E44-4F9F-AAAF-6CBA54969755}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D3A23BC-5E44-4F9F-AAAF-6CBA54969755}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4817
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C025A174-B360-4A90-AB9C-4377080F485}
Deleted HKU\S-1-5-18\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-20\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-19\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\.DEFAULT\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Deleted HKLM\Software\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Deleted HKLM\Software\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
Deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Deleted HKCU\Software\BrowserCompanion
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKLM\Software\Wow6432Node\5da059a482fd494db3f252126fbc3d5b
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\New Windows\Allow|*.crossrider.com
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Deleted HKCU\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKCU\Software\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
Deleted HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|HealerCheckout.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
Deleted
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1488127205-2302878940-3680074537-1001\Software\Storimbo
Deleted HKLM\Software\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Deleted HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1488127205-2302878940-3680074537-1001\Software\SweetIM
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector

***** [ Chromium (and derivatives) ] *****

Deleted Itineraire - Offres shopping
Deleted Lightning Newtab
Deleted Wajam

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########