# AdwCleaner v6.030 - Logfile created 26/10/2016 at 12:26:52
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-25.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Marek - ICORE7
# Running from : C:\Users\Marek\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Data Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPO
Data Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuP
Data Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPO
Data Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947
Data Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mam
Data Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyu
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZr
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZrcL
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZrc
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZrcL
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOL
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=92552456_hao_pg
Data Found: HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrF
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZr
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZr
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZ
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLkZr
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHU
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7y
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUSMpj6gR12fOiWhnUNox7yrFxHUOLk
Value Found: HKU\S-1-5-21-244903110-2082757558-103457356-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Value Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Value Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web data] - feed.sonic-search.com
Chrome pref Found: [C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web data] - google
Chrome pref Found: [C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.yessearches.com/?mode=nnnb&ptid=sqr&uid=A048E9D96C06A49B4D3C66F58EFE26A3&v=20160501&ts=AHEqAX4sC3EpB0..
Chrome pref Found: [C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.yessearches.com/?mode=nnnb&ptid=sqr&uid=A048E9D96C06A49B4D3C66F58EFE26A3&v=20160501&ts=AHEqAX4sC3EpB0..

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [27435 Bytes] - [13/01/2016 15:39:23]
C:\AdwCleaner\AdwCleaner[C2].txt - [11148 Bytes] - [13/01/2016 17:57:52]
C:\AdwCleaner\AdwCleaner[C3].txt - [8030 Bytes] - [14/01/2016 14:26:56]
C:\AdwCleaner\AdwCleaner[C4].txt - [3344 Bytes] - [15/01/2016 17:22:00]
C:\AdwCleaner\AdwCleaner[C5].txt - [3774 Bytes] - [16/01/2016 11:22:47]
C:\AdwCleaner\AdwCleaner[C6].txt - [640 Bytes] - [22/01/2016 15:39:01]
C:\AdwCleaner\AdwCleaner[C7].txt - [9091 Bytes] - [26/10/2016 12:18:32]
C:\AdwCleaner\AdwCleaner[S10].txt - [7026 Bytes] - [26/10/2016 12:26:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [30469 Bytes] - [13/01/2016 15:38:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [14814 Bytes] - [13/01/2016 17:57:01]
C:\AdwCleaner\AdwCleaner[S3].txt - [16635 Bytes] - [14/01/2016 14:26:00]
C:\AdwCleaner\AdwCleaner[S4].txt - [11902 Bytes] - [15/01/2016 17:19:10]
C:\AdwCleaner\AdwCleaner[S5].txt - [7245 Bytes] - [16/01/2016 11:19:33]
C:\AdwCleaner\AdwCleaner[S6].txt - [812 Bytes] - [16/01/2016 11:35:14]
C:\AdwCleaner\AdwCleaner[S7].txt - [1703 Bytes] - [22/01/2016 15:38:11]
C:\AdwCleaner\AdwCleaner[S8].txt - [8484 Bytes] - [26/10/2016 12:14:28]
C:\AdwCleaner\AdwCleaner[S9].txt - [7801 Bytes] - [26/10/2016 12:25:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [7760 Bytes] ##########