# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 07 13:29:29 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-04-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.UpService, AdsService

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\DAEMON Tools Toolbar
PUP.Optional.Legacy, C:\Program Files\RunBooster
PUP.Optional.Legacy, C:\Users\wiczi\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy, C:\Users\All Users\Documents\XMUpdate
PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate
Adware.Tuto4PC, C:\Program Files (x86)\ShutdownTime
PUP.Optional.YeaDesktop, C:\Program Files (x86)\YeaDesktop
Adware.OnlineIO, C:\ProgramData\Microleaves
Adware.OnlineIO, C:\ProgramData\Application Data\Microleaves
Adware.OnlineIO, C:\Users\All Users\Microleaves
Adware.OnlineIO, C:\Users\wiczi\AppData\Roaming\Microleaves
Adware.Zusy, C:\Users\wiczi\AppData\Roaming\DreamScreen
Adware.Zusy, C:\ProgramData\DreamCompress
Adware.Zusy, C:\ProgramData\Application Data\DreamCompress
Adware.Zusy, C:\Users\All Users\DreamCompress
PUP.Optional.UpService, C:\Users\wiczi\AppData\Local\AdService
PUP.Optional.Linkury, C:\ProgramData\Quoteexs
PUP.Optional.Linkury, C:\ProgramData\Application Data\Quoteexs
PUP.Optional.Linkury, C:\Users\All Users\Quoteexs
PUP.Adware.Heuristic, C:\ProgramData\0226e74a-0ac3-0
PUP.Adware.Heuristic, C:\ProgramData\0226e74a-75c1-1
PUP.Adware.Heuristic, C:\ProgramData\3b81ec62-1b63-1
PUP.Adware.Heuristic, C:\ProgramData\3b81ec62-3283-0
PUP.Adware.Heuristic, C:\ProgramData\3b81ec62-37a7-0
PUP.Adware.Heuristic, C:\ProgramData\3b81ec62-52e7-1
PUP.Adware.Heuristic, C:\ProgramData\bc3f3d8e-27a1-1
PUP.Adware.Heuristic, C:\ProgramData\bc3f3d8e-2d13-0
PUP.Adware.Heuristic, C:\ProgramData\{392f7f5f-012c-0}
PUP.Adware.Heuristic, C:\ProgramData\{6d261e0a-012c-1}
PUP.Adware.Heuristic, C:\ProgramData\{710b224b-412c-0}

***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
PUP.Optional.ChinAd, C:\Windows\SysNative\drivers\wfcre.sys
PUP.Optional.YesSearches, C:\Windows\System32\findit.xml
PUP.Optional.YesSearches, C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safefinder.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.safefinder.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\v.qq.com
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\cpuminer
PUP.Optional.Legacy, [Key] - HKCU\Software\cpuminer
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKCU\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\dobreprogramy
PUP.Optional.Legacy, [Key] - HKCU\Software\dobreprogramy
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
PUP.Optional.Legacy, [Key] - HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {32099AAC-C132-4136-9E9A-4E364A424E17}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Adware.ChinAd, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pop.yeawindows.com
PUP.Optional.SafeFinder, [Value] - HKCU\Environment | SNF
PUP.Optional.SafeFinder, [Value] - HKCU\Environment | SNP
PUP.Optional.YeaDesktop, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\YeaDesktop
PUP.Optional.YeaDesktop, [Key] - HKCU\Software\YeaDesktop
PUP.Optional.YeaDesktop, [Value] - HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION | YeaDesktop.exe
PUP.Optional.YeaDesktop, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | YeaDesktop.exe
Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Adware.NeoBar, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Adware.RunBooster, [Key] - HKLM\SOFTWARE\RunBooster
Adware.Zusy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DreamCompress
PUP.Optional.FastDataX, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\FastDataX
PUP.Optional.FastDataX, [Key] - HKCU\Software\FastDataX
PUP.Optional.UpService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup
PUP.Optional.SystemHealer, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\System Healer
PUP.Optional.SystemHealer, [Key] - HKCU\Software\System Healer
PUP.Optional.Tuto4PC, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\MICROSOFT\wewewe
PUP.Optional.Tuto4PC, [Key] - HKCU\Software\MICROSOFT\wewewe
PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SOFTWARE\mtQuoteex
PUP.Optional.Linkury.ACMB1, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\mtQuoteex
PUP.Optional.Linkury.ACMB1, [Key] - HKCU\Software\mtQuoteex
PUP.Optional.Linkury.ACMB1, [Value] - HKCU\Environment | SNF
PUP.Optional.Linkury.ACMB1, [Value] - HKCU\Environment | SNP
PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
PUP.Optional.Linkury, [Key] - HKLM\SOFTWARE\mtQuoteex
PUP.Optional.Linkury, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\mtQuoteex
PUP.Optional.Linkury, [Key] - HKCU\Software\mtQuoteex
PUP.Optional.Linkury, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\APreSam
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\NSaveA
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.MindSpark, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\Spark
PUP.Optional.MindSpark, [Key] - HKCU\Software\Spark
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP
PUP.Optional.DNSUnlocker, [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
PUP.Optional.AdService, [Key] - HKU\S-1-5-21-319334698-2115631649-3299897735-1000\Software\SetupCompany
PUP.Optional.AdService, [Key] - HKCU\Software\SetupCompany
PUP.Optional.AdService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########