# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 21:00:14 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: Windows Node

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\AdvinstAnalytics
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Default\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\Default User\AppData\Local\AdvinstAnalytics
Deleted: C:\Windows\WinKit
Deleted: C:\Windows\WinKit
Deleted: C:\Program Files (x86)\WeatherChickn
Deleted: C:\ProgramData\Utatity
Deleted: C:\ProgramData\Application Data\Utatity
Deleted: C:\Users\All Users\Utatity
Deleted: C:\ProgramData\Utatitys
Deleted: C:\ProgramData\Application Data\Utatitys
Deleted: C:\Users\All Users\Utatitys
Deleted: C:\Microleaves
Deleted: C:\ProgramData\Microleaves
Deleted: C:\ProgramData\Application Data\Microleaves
Deleted: C:\Program Files (x86)\Microleaves
Deleted: C:\Users\All Users\Microleaves
Deleted: C:\Users\redouanne\AppData\Roaming\Microleaves
Deleted: C:\Program Files (x86)\ContentPush
Deleted: C:\Program Files (x86)\Corteli
Deleted: C:\Users\redouanne\AppData\Local\GenericTools

***** [ Files ] *****

Deleted: C:\Users\redouanne\AppData\Roaming\\agent.dat
Deleted: C:\Users\redouanne\AppData\Roaming\\InstallationConfiguration.xml
Deleted: C:\Users\redouanne\AppData\Roaming\\Installer.dat
Deleted: C:\Users\redouanne\AppData\Roaming\\noah.dat
Deleted: C:\Users\redouanne\AppData\Roaming\\Config.xml
Deleted: C:\Users\redouanne\AppData\Roaming\\md.xml
Deleted: C:\Windows\System32\findit.xml
Deleted: C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Online Application V2G1
Deleted: Online Application V2G3
Deleted: Online Application V2G2
Deleted: Traffic Exchange Updater
Deleted: Traffic Exchange Guard
Deleted: Online Application v2 Guardian
Deleted: Online Application Updater
Deleted: Online Application v2
Deleted: Online Application Guardian
Deleted: Online Application v2 Guard
Deleted: Online Application Guard
Deleted: Traffic Exchange Guardian
Deleted: Traffic Exchange
Deleted: Online Application
Deleted: Updater_Online_Application

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\testonlinespeed.dl.tb.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\weatherblink.dl.tb.ask.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted: [Key] - HKLM\SOFTWARE\mtUtatity
Deleted: [Key] - HKU\S-1-5-21-4060538960-4076228373-212456521-1000\Software\mtUtatity
Deleted: [Key] - HKCU\Software\mtUtatity
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{263A5900-A5C1-4830-A777-3BB2E9040BD2}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8AAA620C-DA95-4049-9529-1829997C56F0}
Deleted: [Key] - HKU\S-1-5-21-4060538960-4076228373-212456521-1000\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Corteli
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\
Deleted: [Key] - HKU\S-1-5-21-4060538960-4076228373-212456521-1000\Software\GenericTools
Deleted: [Key] - HKCU\Software\GenericTools
Deleted: [Key] - HKU\S-1-5-21-4060538960-4076228373-212456521-1000\Software\myprintscreen.com
Deleted: [Key] - HKCU\Software\myprintscreen.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Chrome Cleaner Pro -

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7421 B] - [2018/1/16 20:57:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########