# AdwCleaner 7.0.2.1 - Logfile created on Sat Sep 23 13:08:40 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 7 Ultimate (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\Bartek\AppData\Local\DriverToolkit Deleted: C:\Users\Bartek\AppData\Roaming\eCyber Deleted: C:\Program Files (x86)\WeatherChickn ***** [ Files ] ***** Deleted: C:\END Deleted: C:\Windows\SysNative\bi3.exe ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk[https:\\launchpage.org\?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D] Cleaned: C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk[https:\\launchpage.org\?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D] Cleaned: C:\Users\Bartek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[https:\\launchpage.org\?uid=oTlKBKjchxocXe%2FWrUZCG7qKYIrY3ndPJFlyD8TbELWDkEafc%2B65xTmhEN3Q8aOs1w%3D%3D] ***** [ Tasks ] ***** Deleted: DRIVERTOOLKIT AUTORUN ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\WinSaberSvc Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application Deleted: [Key] - HKU\S-1-5-21-360975752-3786565279-1083807947-1001\Software\DriverToolkit Deleted: [Key] - HKCU\Software\DriverToolkit Deleted: [Key] - HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D} Deleted: [Key] - HKLM\SOFTWARE\WinZiper Deleted: [Key] - HKLM\SOFTWARE\ompndb Deleted: [Key] - HKU\.DEFAULT\Software\ompndb Deleted: [Key] - HKU\S-1-5-18\Software\ompndb Deleted: [Key] - HKLM\SOFTWARE\InterHop Deleted: [Key] - HKLM\SOFTWARE\mylucky123Software Deleted: [Key] - HKLM\SOFTWARE\amule-custom Deleted: [Key] - HKLM\SOFTWARE\xvb`lj Deleted: [Key] - HKU\.DEFAULT\Software\xvb`lj Deleted: [Key] - HKU\S-1-5-18\Software\xvb`lj Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E Deleted: [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\BrowserairExec.exe Deleted: [Key] - HKLM\SOFTWARE\UvConverter Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.001 Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.7z Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.arj Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.bz2 Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.bzip2 Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.cab Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.cpio Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.deb Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.dmg Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.fat Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.gz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.gzip Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.hfs Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.iso Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.lha Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.lzh Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.lzma Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.ntfs Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.rar Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.rpm Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.squashfs Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.swm Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tar Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.taz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tbz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tbz2 Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tgz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.tpz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.txz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.vhd Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.wim Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.xar Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.xz Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.z Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZippers.zip ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: search.mpc.am Startpage deleted: http://www.nuesearch.com/?type=hp&ts=1473878928&z=f9f952440e59a61b3e327dbg3zam8cfbbmabctfo6w&from=qks0914&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX Startpage deleted: http://www.mylucky123.com/?type=hp&ts=1477333215&z=246edfc7b45dca66060252ag4z5m8m9c2c8c3o4g7c&from=interhop1024&uid=HitachiXHTS543232L9A300_090930FB8400CEJ4270AX ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [7046 B] - [2017/9/23 13:1:16] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########