# AdwCleaner v6.047 - Logfile created 03/06/2017 at 17:21:39
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-02.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : HSC - HANIFA
# Running from : C:\Users\HSC\Desktop\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found: C:\ProgramData\Mistl
Folder Found: C:\ProgramData\Application Data\Mistl
Folder Found: C:\Users\HSC\AppData\Roaming\Mozilla\Firefox\Profiles\6pih6go9.default-1453919690407\extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1}
Folder Found: C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc
Folder Found: C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg

***** [ Files ] *****

File Found: C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_floipahigmmkfhkoapmnijnlnboniglg_0.localstorage
File Found: C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_floipahigmmkfhkoapmnijnlnboniglg_0.localstorage-journal

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found: LaunchPreSignup
Task Found: Newsfeed
Task Found: ScheduledScan
Task Found: Mistl
Task Found: mistl
Task Found: newsfeed
Task Found: drv update

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\AppID\{6DD1B906-45FA-4A57-9AC6-01108C25067F}
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{2ED35963-FCC9-4698-B619-787FE1C75079}]
Key Found: HKU\S-1-5-21-3559785478-2585440320-1797854511-1001\Software\ARHome
Key Found: HKU\S-1-5-21-3559785478-2585440320-1797854511-1001\Software\NoVooITSet
Key Found: HKU\S-1-5-21-3559785478-2585440320-1797854511-1001\Software\PRODUCTSETUP
Key Found: HKU\S-1-5-21-3559785478-2585440320-1797854511-1001\Software\Vonteera Safe ads
Key Found: HKCU\Software\ARHome
Key Found: HKCU\Software\NoVooITSet
Key Found: HKCU\Software\PRODUCTSETUP
Key Found: HKCU\Software\Vonteera Safe ads
Key Found: HKLM\SOFTWARE\Conduit
Key Found: [x64] HKCU\Software\ARHome
Key Found: [x64] HKCU\Software\NoVooITSet
Key Found: [x64] HKCU\Software\PRODUCTSETUP
Key Found: [x64] HKCU\Software\Vonteera Safe ads
Key Found: HKCU\Software\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bknbnapaddjdnbilpmlacdkjdkjmbjhd
Chrome pref Found: [C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - floipahigmmkfhkoapmnijnlnboniglg
Chrome pref Found: [C:\Users\HSC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - okanipcmceoeemlbjnmnbdibhgpbllgc

[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3773 Bytes] - [03/06/2017 17:21:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3846 Bytes] ##########