# AdwCleaner v6.044 - Logfile created 27/03/2017 at 15:59:48 # Updated on 28/02/2017 by Malwarebytes # Database : 2017-03-27.1 [Server] # Operating System : Windows 10 Home (X64) # Username : J.P Meusureux - JPMEUSUREUX-PC # Running from : C:\Users\J.P Meusureux\Downloads\adwcleaner_6.044.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Program Files\ByteFence [-] Folder deleted: C:\ProgramData\ByteFence [#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot [-] Folder deleted: C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default\Extensions\gobbnicjoijcfndfmmfjnfgldgcnjibl [-] Folder deleted: C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gobbnicjoijcfndfmmfjnfgldgcnjibl ***** [ Files ] ***** [-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk [-] File deleted: C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gobbnicjoijcfndfmmfjnfgldgcnjibl_0.localstorage [-] File deleted: C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gobbnicjoijcfndfmmfjnfgldgcnjibl_0.localstorage-journal ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** [-] Task deleted: ByteFence ***** [ Registry ] ***** [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService [-] Key deleted: HKU\.DEFAULT\Software\xvb`lj [-] Key deleted: HKU\S-1-5-21-4140145555-2342484209-1620211677-1000\Software\SwytShop [-] Key deleted: HKU\S-1-5-21-4140145555-2342484209-1620211677-1000\Software\C84E [-] Key deleted: HKU\S-1-5-21-4140145555-2342484209-1620211677-1000\Software\Genius [#] Key deleted on reboot: HKU\S-1-5-18\Software\xvb`lj [#] Key deleted on reboot: HKCU\Software\SwytShop [#] Key deleted on reboot: HKCU\Software\C84E [#] Key deleted on reboot: HKCU\Software\Genius [-] Key deleted: HKLM\SOFTWARE\xvb`lj [-] Key deleted: HKLM\SOFTWARE\msServer [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 [#] Key deleted on reboot: [x64] HKCU\Software\SwytShop [#] Key deleted on reboot: [x64] HKCU\Software\C84E [#] Key deleted on reboot: [x64] HKCU\Software\Genius [-] Key deleted: [x64] HKLM\SOFTWARE\xvb`lj [-] Data restored: HKU\S-1-5-21-4140145555-2342484209-1620211677-1000\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AppTrailers] [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [LocalWiFiService] ***** [ Web browsers ] ***** [-] Firefox preferences cleaned: "browser.search.selectedEngine" - "Yahoo! Powered" [-] Firefox preferences cleaned: "browser.search.defaultenginename" - "Yahoo! Powered" [-] Firefox preferences cleaned: "browser.startup.homepage" - "hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_12¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyC0D0CyBtAyCtByE0D0A0E0D0AyCtN0D0Tzu0StCzytCtCtN1L2XzutAtFtByBtFyEtFyCtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEyCzy0BtDyCzyyBtGtByCtCtAtGzzzztC0BtGyCyEtDtBtG0AyDzz0CyCyD0DtC0E0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0C0ByC0Azy0BtGtD0AyEzztGyEtDyDzytGzy0FtA0DtG0BtCyDyEtCzyyDzytDtCyBzy2QtN0A0LzuyE%26cr%3D1754789830%26a%3Dwbf_frmr_17_12%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome" [-] [C:\Users\J.P Meusureux\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered [-] [C:\Users\J.P Meusureux\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_12¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyC0D0CyBtAyCtByE0D0A0E0D0AyCtN0D0Tzu0StCzytCtCtN1L2XzutAtFtByBtFyEtFyCtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEyCzy0BtDyCzyyBtGtByCtCtAtGzzzztC0BtGyCyEtDtBtG0AyDzz0CyCyD0DtC0E0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0C0ByC0Azy0BtGtD0AyEzztGyEtDyDzytGzy0FtA0DtG0BtCyDyEtCzyyDzytDtCyBzy2QtN0A0LzuyE%26cr%3D1754789830%26a%3Dwbf_frmr_17_12%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome [-] [C:\Users\J.P Meusureux\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_12¶m1=1¶m2=f%3D1%26b%3Dchmm%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyC0D0CyBtAyCtByE0D0A0E0D0AyCtN0D0Tzu0StCzytCtCtN1L2XzutAtFtByBtFyEtFyCtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEyCzy0BtDyCzyyBtGtByCtCtAtGzzzztC0BtGyCyEtDtBtG0AyDzz0CyCyD0DtC0E0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0C0ByC0Azy0BtGtD0AyEzztGyEtDyDzytGzy0FtA0DtG0BtCyDyEtCzyyDzytDtCyBzy2QtN0A0LzuyE%26cr%3D1754789830%26a%3Dwbf_frmr_17_12%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome [-] [C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gobbnicjoijcfndfmmfjnfgldgcnjibl ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [7590 Bytes] - [27/03/2017 15:59:48] C:\AdwCleaner\AdwCleaner[S0].txt - [7060 Bytes] - [27/03/2017 15:58:58] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7736 Bytes] ##########