# AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 09 18:30:06 2017 # Updated on 2017/29/11 by Malwarebytes # Database: 12-08-2017.1 # Running on Windows 7 Professional (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy, C:\Windows\System32\SSL PUP.Optional.Legacy, C:\Windows\SysWOW64\SSL PUP.Optional.Legacy, C:\Users\C-3PO\AppData\Roaming\Event Monitor PUP.Optional.Legacy, C:\Program Files\Common Files\Noobzo PUP.Optional.Legacy, C:\Users\C-3PO\AppData\Local\AdvinstAnalytics Adware.Linkury, C:\ProgramData\Logic Cramble Adware.Linkury, C:\ProgramData\Application Data\Logic Cramble Adware.Linkury, C:\Users\All Users\Logic Cramble PUP.Optional.AppTrailers, C:\Users\C-3PO\AppData\Local\AppTrailers PUP.Optional.BitCoinMiner, C:\Users\C-3PO\AppData\Roaming\gplyra PUP.Optional.UpService, C:\Users\C-3PO\AppData\Local\AdService PUP.Optional.SearchModule, C:\ProgramData\SearchModule PUP.Optional.SearchModule, C:\ProgramData\Application Data\SearchModule PUP.Optional.SearchModule, C:\Users\All Users\SearchModule PUP.Optional.ProxyGate, C:\Program Files (x86)\ProxyGate PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex PUP.Optional.Linkury.ACMB1, C:\ProgramData\Application Data\Quoteex PUP.Optional.Linkury.ACMB1, C:\Users\All Users\Quoteex Adware.OnlineIO, C:\ProgramData\Microleaves Adware.OnlineIO, C:\ProgramData\Application Data\Microleaves Adware.OnlineIO, C:\Program Files (x86)\Microleaves Adware.OnlineIO, C:\Users\All Users\Microleaves Adware.OnlineIO, C:\Users\C-3PO\AppData\Roaming\Microleaves Trojan.Agent, C:\Windows\rss Adware.NeoBar, C:\Program Files (x86)\thzXuJvjU Adware.NeoBar, C:\Program Files (x86)\QYERbvxRHIE Adware.NeoBar, C:\Program Files (x86)\GXZiGyYLSHyU2 Adware.NeoBar, C:\Program Files (x86)\dCHHaxjOpqUn PUP.Optional.SoftUpgrade, C:\Program Files (x86)\SoftUpgrade PUP.Optional.InterStat, C:\Users\C-3PO\AppData\Roaming\Interstatnogui PUP.Optional.Linkury, C:\ProgramData\Quoteexs PUP.Optional.Linkury, C:\ProgramData\Application Data\Quoteexs PUP.Optional.Linkury, C:\Users\All Users\Quoteexs PUP.Optional.Linkury, C:\ProgramData\Quoteex PUP.Optional.Linkury, C:\ProgramData\Application Data\Quoteex PUP.Optional.Linkury, C:\Users\All Users\Quoteex PUP.Optional.PCCleanPlus, C:\Program Files (x86)\pccleanplus PUP.Optional.BeansPlayer, C:\Program Files (x86)\bnsplayer PUP.Optional.SpeedingUpMyPC, C:\Users\C-3PO\AppData\Roaming\NETCTL PUP.Optional.Glupteba, C:\Users\C-3PO\AppData\Roaming\EpicNet Inc PUP.Optional.Glupteba, C:\Users\C-3PO\AppData\Roaming\EpicNet Inc. PUP.Adware.Heuristic, C:\Program Files\8c023e14d62cc32fcaee500b3f1fb4dd PUP.Adware.Heuristic, C:\Program Files\02680e8d0cce57b8df28f1837c040670 PUP.Adware.Heuristic, C:\Program Files\1c18ce34ae7044639b6f5760fa2e9576 PUP.Adware.Heuristic, C:\Program Files\cdcce8892ce1e0817ee80313066dd4e8 PUP.Adware.Heuristic, C:\ProgramData\65157148-1c93-1 PUP.Adware.Heuristic, C:\ProgramData\65157148-2ae1-1 PUP.Adware.Heuristic, C:\ProgramData\65157148-6247-0 PUP.Adware.Heuristic, C:\ProgramData\db0cab8c-19c5-1 PUP.Adware.Heuristic, C:\ProgramData\db0cab8c-3067-0 PUP.Adware.Heuristic, C:\ProgramData\db0cab8c-3dd7-1 ***** [ Files ] ***** PUP.Optional.Legacy, C:\Users\C-3PO\AppData\Local\Main.dat PUP.Optional.Legacy, C:\END PUP.Optional.Legacy, C:\Windows\SysNative\drivers\Lace_wpf_x64.sys PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml PUP.Optional.Legacy, C:\Users\C-3PO\appdata\local\installationconfiguration.xml Adware.Linkury, C:\Windows\System32\config\systemprofile\AppData\Local\PO.DB Adware.Linkury, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PO.DB Adware.Linkury, C:\Users\C-3PO\AppData\Local\PO.DB PUP.Optional.FakeIELaunch, C:\Users\C-3PO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk PUP.Optional.YesSearches, C:\Windows\System32\findit.xml PUP.Optional.YesSearches, C:\Windows\SysWOW64\findit.xml Adware.PCOptimizer, C:\Users\C-3PO\AppData\Local\uninstallce.exe ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** PUP.Optional.FastDataX, FastDataX Task PUP.Optional.SystemHealer, SystemHealer Run Delay PUP.Optional.PCCleanPlus, PC Clean Plus ***** [ Registry ] ***** PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pccleanplus.com PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\plarium.com PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.pccleanplus.com PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d22j4fzzszoii2.cloudfront.net PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\CoinisRevShare PUP.Optional.Legacy, [Key] - HKCU\Software\CoinisRevShare PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\PC PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\PC PUP.Optional.Legacy, [Key] - HKCU\Software\PC PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Event Monitor PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Event Monitor PUP.Optional.Legacy, [Key] - HKCU\Software\Event Monitor PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Speedownloader0099 PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Speedownloader0099 PUP.Optional.Legacy, [Key] - HKCU\Software\Speedownloader0099 PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\NetCtl PUP.Optional.Legacy, [Key] - HKCU\Software\NetCtl PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Applications\interstatnogui.exe PUP.Optional.Wajam, [Key] - HKU\.DEFAULT\Software\WajIEnhance PUP.Optional.Wajam, [Key] - HKU\S-1-5-18\Software\WajIEnhance PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\SrcAAAesom Browser Enhancer PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 PUP.Optional.AppTrailers, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\AppDataLow\Software\AppTrailers PUP.Optional.AppTrailers, [Key] - HKCU\Software\AppDataLow\Software\AppTrailers PUP.Optional.BitCoinMiner, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra PUP.Optional.ByteFence, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com PUP.Optional.ByteFence, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\fr.bytefence.com PUP.Optional.ByteFence, [Key] - HKU\.DEFAULT\Software\ByteFence PUP.Optional.ByteFence, [Key] - HKU\S-1-5-18\Software\ByteFence PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence PUP.Optional.MoneyFriend, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\msaver PUP.Optional.MoneyFriend, [Key] - HKCU\Software\msaver PUP.Optional.FastDataX, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\FastDataX PUP.Optional.FastDataX, [Key] - HKCU\Software\FastDataX PUP.Optional.DiskPower, [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} PUP.Optional.DiskPower, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} PUP.Optional.DiskPower, [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Adware.Amonetize, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application PUP.Optional.UpService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup PUP.Optional.SystemHealer, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\System Healer PUP.Optional.SystemHealer, [Key] - HKCU\Software\System Healer PUP.Optional.WizzWifiHotspot, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Hotspot PUP.Optional.WizzWifiHotspot, [Key] - HKCU\Software\Hotspot PUP.Optional.SearchModule, [Key] - HKLM\SOFTWARE\SearchModule PUP.Optional.Yontoo, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Amigo PUP.Optional.Yontoo, [Key] - HKCU\Software\Amigo PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SOFTWARE\mtQuoteex PUP.Optional.Linkury.ACMB1, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\mtQuoteex PUP.Optional.Linkury.ACMB1, [Key] - HKCU\Software\mtQuoteex PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves PUP.Optional.OtherSearch, [Key] - HKLM\SOFTWARE\OtherSearch Adware.NeoBar, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} Adware.NeoBar, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} PUP.Optional.InterStat, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Interstatnogui PUP.Optional.InterStat, [Key] - HKCU\Software\Interstatnogui PUP.Optional.Jawego, [Key] - HKLM\SOFTWARE\Jawego PUP.Optional.Linkury, [Key] - HKLM\SOFTWARE\mtQuoteex PUP.Optional.Linkury, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\mtQuoteex PUP.Optional.Linkury, [Key] - HKCU\Software\mtQuoteex PUP.Optional.Linkury, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe Adware.DNSUnlocker, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 PUP.Optional.DragonBranch, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\119 PUP.Optional.DragonBranch, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\119 PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\PrAmNP PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\PrAmNP PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PrIncub PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\csastats PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats PUP.Optional.OnlineIO, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\PRODUCTSETUP PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP PUP.Optional.DNSUnlocker, [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E PUP.Optional.Glupteba, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\EpicNet Inc. PUP.Optional.Glupteba, [Key] - HKCU\Software\EpicNet Inc. PUP.Optional.AdService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup PUP.Optional.PowerHandler, [Key] - HKLM\SOFTWARE\Microsoft\Etsy PUP.Optional.PowerHandler, [Key] - HKU\S-1-5-21-1342067083-540354075-4242860494-1000\Software\Microsoft\Etsy PUP.Optional.PowerHandler, [Key] - HKCU\Software\Microsoft\Etsy PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\ PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\ PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\ ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########