# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 09 15:57:57 2018 # Updated on 2018/08/02 by Malwarebytes # Database: 2018-03-08.1 # Running on Windows 7 Professional (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x PUP.Optional.WindowsProtectManager, C:\ProgramData\Application Data\Tmp0x0x PUP.Optional.WindowsProtectManager, C:\Users\All Users\Tmp0x0x PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Auslogics PUP.Optional.AuslogicsDriverUpdater, C:\ProgramData\Application Data\Auslogics PUP.Optional.AuslogicsDriverUpdater, C:\Users\All Users\Auslogics PUP.Adware.Heuristic, C:\ProgramData\2WdM2 ***** [ Files ] ***** PUP.Optional.Legacy, C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat PUP.Optional.Legacy, C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat PUP.Optional.Legacy, C:\Users\All Users\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** PUP.Optional.Legacy, WarThunder sat PUP.Optional.Legacy, WarThunder sun PUP.Optional.Legacy, WarThunder24 ***** [ Registry ] ***** Adware.Elex, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Adware.Elex, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Search Page [http:\\yoursites123.com\web?type=ds&ts=1457964779&z=6111626130c5b9f8c08ce29g8z6wam2t0qdz6m2mdm&from=wpm0314&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV&q={searchTerms}] PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\www.yoursites123.com\?type=hp&ts=1452609464&z=0b2f228cecc2316c38a99c2gfz1w5oaqee4t5zawft&from=ient12253&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV] PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Search_URL [http:\\yoursites123.com\web?type=ds&ts=1457964779&z=6111626130c5b9f8c08ce29g8z6wam2t0qdz6m2mdm&from=wpm0314&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV&q={searchTerms}] PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page_TIMESTAMP [밧搲냂Ǔ:\\yoursites123.com\web?type=ds&ts=1457964779&z=6111626130c5b9f8c08ce29g8z6wam2t0qdz6m2mdm&from=wpm0314&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV&q={searchTerms}] PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms\browserpolicy [밧搲냂Ǔ:\\yoursites123.com\web?type=ds&ts=1457964779&z=6111626130c5b9f8c08ce29g8z6wam2t0qdz6m2mdm&from=wpm0314&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV&q={searchTerms}] PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [http:\\yoursites123.com\web?type=ds&ts=1452609464&z=0b2f228cecc2316c38a99c2gfz1w5oaqee4t5zawft&from=ient12253&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV&q={searchTerms}] PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [http:\\www.yoursites123.com\?type=hp&ts=1452609464&z=0b2f228cecc2316c38a99c2gfz1w5oaqee4t5zawft&from=ient12253&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV] PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [http:\\yoursites123.com\web?type=ds&ts=1452609464&z=0b2f228cecc2316c38a99c2gfz1w5oaqee4t5zawft&from=ient12253&uid=ST9500325AS_6VE42YWVXXXX6VE42YWV&q={searchTerms}] PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\dt soft\daemon tools toolbar PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-170041769-2645518904-2340773898-1001\Software\dt soft\daemon tools toolbar PUP.Optional.Legacy, [Key] - HKCU\Software\dt soft\daemon tools toolbar PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\hdcode PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\torch PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-170041769-2645518904-2340773898-1001\Software\torch PUP.Optional.Legacy, [Key] - HKCU\Software\torch PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08337871-0E50-4031-9110-3BD21CA3C065} PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Clients\StartMenuInternet\Torch PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin PUP.Optional.SofTonicAssistant, [Key] - HKU\S-1-5-21-170041769-2645518904-2340773898-1001\Software\Softonic PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Softonic PUP.Optional.YourSites123.ShrtCln, [Key] - HKLM\SOFTWARE\yoursites123Software PUP.Optional.Elex, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application PUP.Optional.Elex, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application PUP.Optional.BProtect, [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing | bProtectShowTabsWelcome PUP.Optional.AuslogicsDriverUpdater, [Key] - HKLM\SOFTWARE\Auslogics PUP.Optional.IStartPageing.ChrPRST, [Key] - HKLM\SOFTWARE\istartpageingSoftware PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-170041769-2645518904-2340773898-1001\Software\PRODUCTSETUP PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP PUP.Optional.WPM, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application PUP.Optional.WPM, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########