# AdwCleaner v6.044 - Logfile created 25/03/2017 at 16:45:49
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Local]
# Operating System : Windows 8.1 (X64)
# Username : Ola - KOMPUTER-OLI
# Running from : C:\Users\Ola\Downloads\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

Task Found: UncheckitTaskMN
Task Found: WinTOOL
Task Found: Milimili
Task Found: BikaQ_FetchAndUpgrade_CanBeDel

***** [ Registry ] *****

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\x10cotoa.default\prefs.js] - "browser.startup.homepage" - "hxxp://www.nuesearch.com/?type=hp&ts=1468512701&z=0387b3a7d4b6561544e6496g3z0qcbfwcg3o
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [18260 Bytes] - [30/07/2016 19:34:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [26909 Bytes] - [24/03/2017 20:56:44]
C:\AdwCleaner\AdwCleaner[S3].txt - [25412 Bytes] - [25/03/2017 16:45:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [25486 Bytes] ##########