# AdwCleaner 7.0.8.0 - Logfile created on Wed Apr 04 20:38:25 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: 152438d6a1a99da4958b37478156c197
Deleted: 75df57d52ecd112448d2b7e69b3ab73a
Deleted: 93509b2d85073eea36054792237580dd

***** [ Folders ] *****

Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Program Files (x86)\DriverUpdaterPlus
Deleted: C:\ProgramData\Logic Cramble
Deleted: C:\ProgramData\Application Data\Logic Cramble
Deleted: C:\Users\All Users\Logic Cramble
Deleted: C:\ProgramData\Subairs
Deleted: C:\ProgramData\Application Data\Subairs
Deleted: C:\Users\All Users\Subairs
Deleted: C:\ProgramData\PrefsSecure
Deleted: C:\ProgramData\Application Data\PrefsSecure
Deleted: C:\Users\All Users\PrefsSecure
Deleted: C:\Program Files (x86)\ProxyGate
Deleted: C:\Windows\\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: C:\ProgramData\Subair
Deleted: C:\ProgramData\Application Data\Subair
Deleted: C:\Users\All Users\Subair
Deleted: C:\Program Files\152438d6a1a99da4958b37478156c197
Deleted: C:\Program Files\6a2e64d8dbd7ec839006c1c20b2819b3

***** [ Files ] *****

Deleted: C:\Users\Raada\AppData\Local\Main.dat
Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Users\Raada\appdata\local\installationconfiguration.xml
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk
Deleted: C:\Windows\\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted: C:\Windows\System32\findit.xml
Deleted: C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Raada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[%SNP%]
Cleaned: C:\Users\Raada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk[%SNP%]

***** [ Tasks ] *****

Deleted: InstallShield® Update Service Scheduler
Deleted: Optimize Thumbnail Cache Files
Deleted: 152438d6a1a99da4958b37478156c197
Deleted: psv_Sanit

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs [C:\ProgramData\Subair\U-air.dll]
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6604DA2E-424D-40E2-89DC-22A6E7CB8415}
Deleted: [Key] - HKLM\SOFTWARE\Jawego
Deleted: [Key] - HKU\S-1-5-21-503127206-489687179-509319998-1001\Software\Jawego
Deleted: [Key] - HKCU\Software\Jawego
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted: [Key] - HKLM\SOFTWARE\mtSubair
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Subair.exe
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: SweetIM Search - sweetim.com
SearchProvider deleted: Conduit - search.conduit.com
SearchProvider deleted: MyStart Search - mystart.incredibar.com/mb106
SearchProvider deleted: Search the web (Babylon) - babylon.com

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [6369 B] - [2018/4/4 20:36:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########