# AdwCleaner 7.0.6.0 - Logfile created on Sat Jan 06 10:57:11 2018
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-21-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, WtuSystemSupport

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\AVG Secure Search
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Secure Search
PUP.Optional.Legacy, C:\Program Files\Common Files\AVG Secure Search
PUP.Optional.Legacy, C:\Users\All Users\AVG Secure Search
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\RandySp\AppData\Local\avg web tuneup
PUP.Optional.Legacy, C:\ProgramData\Pokki
PUP.Optional.Legacy, C:\ProgramData\Application Data\Pokki
PUP.Optional.Legacy, C:\Users\All Users\Pokki
PUP.Optional.Legacy, C:\Users\Default\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\Pokki
PUP.Optional.Legacy, C:\Users\Public\Pokki
PUP.Optional.Legacy, C:\Users\RandySp\AppData\Local\Pokki
PUP.Optional.Booking, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
PUP.Optional.Booking, C:\Program Files\Booking.com
PUP.Optional.Booking, C:\Program Files (x86)\Booking.com
PUP.Optional.Bandoo.AppFlsh, C:\Users\RandySp\AppData\Roaming\FirefoxToolbar

***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\RandySp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
PUP.Optional.Legacy, C:\Users\RandySp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
PUP.Optional.PCAppStore, C:\Users\RandySp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Secure Search
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\Pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Pokki
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Tuneup
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Directory\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Drive\shell\pokki
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Booking, [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\Booking.com
PUP.Optional.Booking, [Key] - HKCU\Software\Booking.com
PUP.Optional.Trovi, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx | {8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB
PUP.Optional.SettingsManager, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.EoRezo, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
PUP.Optional.Linkey, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
PUP.Adware.Heuristic, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_a65116cdc0b4377bed428e280c19949d56248d11

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3590 B] - [2015/1/2 19:22:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########