# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-01.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-03-2018
# Duration: 00:00:13
# OS: Windows 10 Home
# Cleaned: 126
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Fabrice\AppData\Roaming\Microleaves
Deleted C:\Users\Fabrice\AppData\LocalLow\AskToolbar
Deleted C:\ProgramData\UAB
Deleted C:\Users\Fabrice\AppData\Local\FileViewPro
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
Deleted C:\Program Files (x86)\FLV Player
Deleted C:\Users\Fabrice\AppData\Roaming\Interstatnogui
Deleted C:\Users\Fabrice\AppData\Roaming\mipony
Deleted C:\Users\Fabrice\AppData\Local\YSearchUtil
Deleted C:\Users\Fabrice\AppData\Local\genienext
Deleted C:\Program Files (x86)\DriverToolkit
Deleted C:\Users\Fabrice\AppData\Local\DriverToolkit
Deleted C:\Program Files (x86)\Mobogenie
Deleted C:\Users\Fabrice\AppData\Local\Mobogenie
Deleted C:\Users\Fabrice\Documents\Mobogenie
Deleted C:\Users\Fabrice\AppData\Roaming\BrowserExtensions
Deleted C:\Users\Fabrice\AppData\Local\MalwareProtectionLive
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Powzip
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
Deleted C:\Users\Fabrice\AppData\Roaming\UpProVerified
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro (Verified)

***** [ Files ] *****

Deleted C:\Users\Fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\wldnljfx.default\searchplugins\daemon-search.xml
Deleted C:\Users\Fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\wldnljfx.default\searchplugins\yahoo_ff.xml
Deleted C:\Users\Fabrice\appdata\local\installationconfiguration.xml
Deleted C:\Users\Fabrice\daemonprocess.txt
Deleted C:\Users\Fabrice\AppData\Local\Main.dat
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\Users\Fabrice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\Fabrice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\Fabrice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\LaunchSignup
Deleted C:\Windows\System32\Tasks\SoftUpgrade
Deleted C:\Windows\System32\Tasks\YourFile Update

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\mtQuoteex
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\Holdair.dll"
Deleted HKLM\SOFTWARE\313c963b401b74512ec818f7aeefa8d0
Deleted HKLM\SOFTWARE\0463b5cd5d3873f14c83c9783c77a087
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted HKU\S-1-5-18\Software\IBUpdaterService
Deleted HKU\.DEFAULT\Software\IBUpdaterService
Deleted HKCU\Software\Interstatnogui
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Browser Extensions
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\NextLive
Deleted HKLM\Software\Wow6432Node\TWEAKBIT
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Deleted HKCU\Software\ImInstaller
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted HKCU\Software\Classes\Applications\interstatnogui.exe
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
Deleted HKLM\Software\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{923AFEB1-8CD9-42DB-9C29-DBEC50BA4388}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CB69E1A-7697-4631-8483-437A79E93C5F}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92578A0B-2009-4AF5-BE28-4372A91D240F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92578A0B-2009-4AF5-BE28-4372A91D240F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup
Deleted HKU\.DEFAULT\Environment|SNP
Deleted HKU\S-1-5-18\Environment|SNP
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB4251E2-D3A5-4CDA-9341-B96AEEDDDF31}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB4251E2-D3A5-4CDA-9341-B96AEEDDDF31}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftUpgrade
Deleted HKCU\Software\AppDataLow\Software\Browser Extensions
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC476340-E334-496E-BA8C-2622BDBD5089}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update
Deleted HKLM\Software\Wow6432Node\SHMADDON
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F26F9E3E-D06D-4CDF-A062-3C20729F1457}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F26F9E3E-D06D-4CDF-A062-3C20729F1457}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System\SystemChecks

***** [ Chromium (and derivatives) ] *****

Deleted Yahoo pour Chrome

***** [ Chromium URLs ] *****

Deleted DAEMON Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted file:///C:/ProgramData/Quoteexs/ff.HP
Not Deleted suggestqueries.google.com
Deleted file:///C:/ProgramData/Quoteexs/ff.HP


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [15311 octets] - [03/10/2018 23:11:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########