# ------------------------------- # Malwarebytes AdwCleaner 7.2.7.0 # ------------------------------- # Build: 01-30-2019 # Database: 2019-02-15.6 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 02-19-2019 # Duration: 00:00:04 # OS: Windows 10 Home # Cleaned: 54 # Failed: 0 ***** [ Services ] ***** Deleted Amazon 1Button App Service ***** [ Folders ] ***** Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service Deleted C:\Users\essel\AppData\Local\Host App Service Deleted C:\Users\essel\AppData\LocalLow\BubblesPop Deleted C:\Users\essel\AppData\LocalLow\MiNiNews ***** [ Files ] ***** Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk Deleted C:\Windows\ServiceProfiles\LocalService\Desktop\App Explorer.lnk Deleted C:\Windows\ServiceProfiles\NetworkService\Desktop\App Explorer.lnk Deleted C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url Deleted C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url Deleted C:\Users\essel\Favorites\Booking.com.url Deleted C:\Windows\System32\LavasoftTcpService64.dll Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Host App Service Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943 Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\Amazon 1Button App Service Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll Deleted HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8} Deleted HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A} Deleted HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL Deleted HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5} Deleted HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5} Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474} Deleted HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474} Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B} Deleted HKLM\Software\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B} Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} Deleted HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Deleted AVG Secure Search Deleted AVG Secure Search Deleted Softonic FR Deleted Softonic FR ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [6593 octets] - [19/02/2019 13:08:25] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########