# AdwCleaner v6.045 - Logfile created 14/04/2017 at 18:47:29
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-13.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Sunny - PC-LINA
# Running from : C:\Users\Sunny\Desktop\adwcleaner_6.045.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found: WinSAPSvc

***** [ Folders ] *****

Folder Found: C:\Users\Sunny\AppData\Roaming\WinSAPSvc

***** [ Files ] *****

File Found: C:\Users\Public\Documents\temp.dat

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS54101
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che08
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che081
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbb
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedb
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obe
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\edca3ae562907f37\Google Chrome.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b96
Shortcut infected: C:\Users\Sunny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk ( hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b96

***** [ Scheduled Tasks ] *****

Task Found: Samsung Update
Task Found: Milimili
Task Found: Windows-PG

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: [x64] HKLM\SOFTWARE\InterSect Alliance
Data Found: HKU\S-1-5-21-2801463933-1240604186-4036074090-1001\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0o
Data Found: HKU\S-1-5-21-2801463933-1240604186-4036074090-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3g
Data Found: HKU\S-1-5-21-2801463933-1240604186-4036074090-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obe
Data Found: HKU\S-1-5-21-2801463933-1240604186-4036074090-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7E630_S00
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7E6
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS5
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS5
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7E6
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7E630_S00
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7E630_S
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.ourluckysites.com/search/?type=ds&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHT
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7
Data Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0obedbbm3gdt2q&from=che0812&uid=HGSTXHTS541010A7E630_S
Data Found: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a2446
Data Found: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649
Data Found: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b96
Data Found: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.ourluckysites.com/?type=sc&ts=1492087222&z=9b9649fc2f9d0ab7a
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\tlyv3kga.default\prefs.js] - "browser.startup.homepage" - "hxxp://www.ourluckysites.com/?type=hp&ts=1492087222&z=9b9649fc2f9d0ab7a244627g0z1t0o
No malicious Chromium based
browser items found.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S38].txt - [12737 Bytes] ##########