# AdwCleaner 7.0.6.0 - Logfile created on Sat Jan 06 10:58:42 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: WtuSystemSupport

***** [ Folders ] *****

Deleted: C:\ProgramData\AVG Secure Search
Deleted: C:\ProgramData\Application Data\AVG Secure Search
Deleted: C:\Program Files\Common Files\AVG Secure Search
Deleted: C:\Users\All Users\AVG Secure Search
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\ProgramData\Application Data\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
Deleted: C:\Users\RandySp\AppData\Local\avg web tuneup
Deleted: C:\ProgramData\Pokki
Deleted: C:\ProgramData\Application Data\Pokki
Deleted: C:\Users\All Users\Pokki
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Default User\AppData\Local\Pokki
Deleted: C:\Users\Public\Pokki
Deleted: C:\Users\RandySp\AppData\Local\Pokki
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
Deleted: C:\Program Files\Booking.com
Deleted: C:\Program Files (x86)\Booking.com
Deleted: C:\Users\RandySp\AppData\Roaming\FirefoxToolbar

***** [ Files ] *****

Deleted: C:\Users\RandySp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
Deleted: C:\Users\RandySp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Deleted: C:\Users\RandySp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\AVG Secure Search
Deleted: [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\Pokki
Deleted: [Key] - HKCU\Software\Pokki
Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted: [Value] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Deleted: [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Directory\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Drive\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\lnkfile\shell\pokki
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\Booking.com
Deleted: [Key] - HKCU\Software\Booking.com
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Deleted: [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
Deleted: [Key] - HKU\S-1-5-21-3669440298-1739476700-4279047772-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_a65116cdc0b4377bed428e280c19949d56248d11

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3590 B] - [2015/1/2 19:22:52]
C:/AdwCleaner/AdwCleaner[S1].txt - [6544 B] - [2018/1/6 10:57:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########