2017-04-26 09:57:19 : [main] - Saving current options to the configuration file 2017-04-26 09:57:23 : [main.gui] - Scan requested 2017-04-26 09:57:23 : [scan] - Running from: C:\AdwCleaner 2017-04-26 09:57:23 : [scan] - Progress: 0% 2017-04-26 09:57:23 : [database] - Using local database 2017-04-26 09:57:23 : [scan] - Progress: 5% 2017-04-26 09:57:23 : [database] - Initialize the database 2017-04-26 09:57:23 : [database] - Loading sqlite3.dll 2017-04-26 09:57:23 : [database] - Opening the database 2017-04-26 09:57:23 : [database] - Querying database's version 2017-04-26 09:57:23 : [database] - Loading internal data 2017-04-26 09:57:23 : [database] - Loading detections 2017-04-26 09:57:27 : [database] - Loading generics 2017-04-26 09:57:27 : [database] - Closing the database 2017-04-26 09:57:27 : [database] - Closing database 2017-04-26 09:57:27 : [database] - Unloading sqlite3.dll 2017-04-26 09:57:27 : [scan] - Progress: 15% 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [1] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [2] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [3] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [4] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [5] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [6] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [7] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [8] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [9] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [10] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [11] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [12] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [13] 2017-04-26 09:57:27 : [scan.generic] - 
Generating generic detections [14] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [15] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [16] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [17] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [18] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [19] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [20] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [21] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [22] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [23] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [24] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [25] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [26] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [27] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [28] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [29] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [30] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [31] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [32] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [33] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [34] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [35] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [36] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [37] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [38] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [39] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [40] 2017-04-26 09:57:27 : [scan.generic] - 
Generating generic detections [41] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [42] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [43] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [44] 2017-04-26 09:57:27 : [scan.generic] - Generating generic detections [45] 2017-04-26 09:57:27 : [scan.generic] - Generic detections generated 2017-04-26 09:57:27 : [scan] - Progress: 20% 2017-04-26 09:57:27 : [scan.generic] - Starting generic analysis 2017-04-26 09:57:27 : [scan.generic] - Found e2903e0f6f7551838556f4481716e1e5.sys 2017-04-26 09:57:28 : [scan.generic] - Found Browser Updater Task(Core) 2017-04-26 09:57:28 : [scan] - Progress: 30% 2017-04-26 09:57:28 : [scan.services] - Starting services scan [1] 2017-04-26 09:57:28 : [scan.registry] - Found winzipersvc 2017-04-26 09:57:28 : [scan.registry] - Found winzipersvc 2017-04-26 09:57:28 : [scan.registry] - Found qkseeService 2017-04-26 09:57:28 : [scan.registry] - Found qkseeService 2017-04-26 09:57:28 : [scan.registry] - Found ByteFenceService 2017-04-26 09:57:28 : [scan.registry] - Found ByteFenceService 2017-04-26 09:57:28 : [scan.registry] - Found WinSnare 2017-04-26 09:57:28 : [scan.registry] - Found WinSnare 2017-04-26 09:57:28 : [scan.registry] - Found SNARER 2017-04-26 09:57:28 : [scan.registry] - Found SNARER 2017-04-26 09:57:28 : [scan.registry] - Found SNARE 2017-04-26 09:57:28 : [scan.registry] - Found SNARE 2017-04-26 09:57:28 : [scan.services] - Stopping services scan [1] 2017-04-26 09:57:28 : [scan.services] - Starting services scan [2] 2017-04-26 09:57:28 : [scan.services] - Stopping services scan [2] 2017-04-26 09:57:28 : [scan.services] - 0 malicious services found 2017-04-26 09:57:28 : [scan] - Progress: 40% 2017-04-26 09:57:28 : [scan.folders] - Starting folders scan 2017-04-26 09:57:29 : [scan.folders] - Found C:\USERs\USER\AppData\Local\Coldmay 2017-04-26 09:57:29 : [scan.folders] - Found 
C:\USERs\USER\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} 2017-04-26 09:57:29 : [scan.folders] - Found C:\USERs\USER\AppData\Local\SNARER 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\cpuminer 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\ImageCropResize 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinZiper 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\gplyra 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Tencent 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSAPSvc 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSnare 2017-04-26 09:57:30 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Kyubey 2017-04-26 09:57:31 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage 2017-04-26 09:57:31 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2017-04-26 09:57:32 : [scan.folders] - Found C:\Program Files\ByteFence 2017-04-26 09:57:32 : [scan.folders] - Found C:\Program Files\Plumbytes Software 2017-04-26 09:57:32 : [scan.folders] - Found C:\Program Files\Common Files\Tencent 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\TXQMPC 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\QQBrowser 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\Tencent 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\ChelfNotify 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\Allhair 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\ytd video downloader 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\WinSAPSvc 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\BaofengUpdate_U 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\Redjane 2017-04-26 09:57:33 : [scan.folders] - Found 
C:\ProgramData\chelfnotify 2017-04-26 09:57:33 : [scan.folders] - Found C:\ProgramData\gjcfj 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\jcfjc 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\TXQMPC 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\QQBrowser 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\Tencent 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\ChelfNotify 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\Allhair 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\ytd video downloader 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\WinSAPSvc 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\BaofengUpdate_U 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\Redjane 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\chelfnotify 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\gjcfj 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Application Data\jcfjc 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2017-04-26 09:57:34 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader 2017-04-26 09:57:34 : [scan.folders] - Found C:\Program Files (x86)\GreenTree Applications 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\WinZipper 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\TData 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\CleanBrowser 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\QQBrowser 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\HomePageDefender 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\yesbnd 
2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\TXQQBrowser 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Tencent 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\WinSaber 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\winsaber 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Allhair 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\InterHop 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\WinArcher 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\UvConverter 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\winarcher 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Gubed 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Gub 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\BikaQRssReader 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Skusenzecult 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\bilibili 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\BikaQRss 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Coldmay 2017-04-26 09:57:35 : [scan.folders] - Found C:\Program Files (x86)\Common Files\Tencent 2017-04-26 09:57:37 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent 2017-04-26 09:57:37 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule 2017-04-26 09:57:38 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\Public\Documents\dmp 2017-04-26 09:57:38 : [scan.folders] - Found C:\Program Files (x86)\Firefox 2017-04-26 09:57:38 : [scan.folders] - Found C:\ProgramData\WinTools 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\WinSnare 
2017-04-26 09:57:38 : [scan.folders] - Found C:\Program Files (x86)\reports 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\Firefox 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\USER\AppData\Local\Firefox 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\clean 2017-04-26 09:57:38 : [scan.folders] - Found C:\UPDATE\PSGO 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\USER\AppData\Local\SNARE 2017-04-26 09:57:38 : [scan.folders] - Found C:\Users\USER\AppData\Local\Kitty 2017-04-26 09:57:38 : [scan.folders] - Found C:\Windows\Update\psgo 2017-04-26 09:57:38 : [scan.folders] - Stopping folders scan 2017-04-26 09:57:38 : [scan.folders] - 81 malicious folders found 2017-04-26 09:57:38 : [scan] - Progress: 50% 2017-04-26 09:57:38 : [scan.files] - Starting files scan 2017-04-26 09:57:39 : [scan.files] - Found C:\Windows\SysNative\log\iSafeKrnlCall.log 2017-04-26 09:57:40 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys 2017-04-26 09:57:40 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeNetFilter.sys 2017-04-26 09:57:40 : [scan.files] - Found C:\Windows\SysNative\drivers\TFsFltX64.sys 2017-04-26 09:57:40 : [scan.files] - Found C:\Windows\SysNative\drivers\TAOKernelEx64.sys 2017-04-26 09:57:40 : [scan.files] - Found C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-04-26 09:57:41 : [scan.files] - Found C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL 2017-04-26 09:57:41 : [scan.files] - Found C:\Program Files (x86)\settings.dat 2017-04-26 09:57:41 : [scan.files] - Found C:\Users\Public\Documents\cfg.ini 2017-04-26 09:57:41 : [scan.files] - Found C:\Users\Public\Documents\cc.ini 2017-04-26 09:57:41 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-26 09:57:41 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-04-26 09:57:41 : [scan.files] - Found C:\Users\Public\Desktop\FLV Player.lnk 2017-04-26 09:57:41 : [scan.files] - Found 
C:\Users\USER\AppData\Local\AMD\amd.exe 2017-04-26 09:57:41 : [scan.files] - Stopping files scan 2017-04-26 09:57:41 : [scan.files] - 15 malicious files found 2017-04-26 09:57:41 : [scan] - Progress: 55% 2017-04-26 09:57:41 : [scan.dll] - Starting DLL scan 2017-04-26 09:57:41 : [scan.dll] - Stopping DLL scan 2017-04-26 09:57:41 : [scan.dll] - 0 malicious DLL found 2017-04-26 09:57:41 : [scan] - Progress: 60% 2017-04-26 09:57:41 : [scan.wmi] - Starting WMI scan 2017-04-26 09:57:41 : [scan.wmi] - Stopping WMI scan 2017-04-26 09:57:41 : [scan.wmi] - 0 malicious WMI found 2017-04-26 09:57:41 : [scan] - Progress: 65% 2017-04-26 09:57:41 : [scan.shortcuts] - Starting shortcuts scan 2017-04-26 09:57:41 : [scan.shortcuts] - Found C:\USERs\USER\Desktop\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-26 09:57:41 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [http://www.mylucky123.com/?type=sc&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-26 09:57:41 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-26 09:57:41 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-26 09:57:41 : [scan.shortcuts] - 3 malicious shortcuts found 2017-04-26 09:57:41 : [scan] - Progress: 70% 2017-04-26 09:57:41 : [scan.tasks] - Starting tasks scan 2017-04-26 09:57:41 : [scan.tasks] - Found ByteFence 2017-04-26 09:57:41 : [scan.tasks] - Found Browser Updater Task(Core) 2017-04-26 09:57:42 : [scan.tasks] - Found WinTOOL 2017-04-26 
09:57:42 : [scan.tasks] - Found Milimili 2017-04-26 09:57:42 : [scan.tasks] - Found RedjaneUpdateTaskMachineUA 2017-04-26 09:57:42 : [scan.tasks] - Found RedjaneUpdateTaskMachineCore 2017-04-26 09:57:42 : [scan.tasks] - Found Windows-PG 2017-04-26 09:57:42 : [scan.tasks] - Stopping tasks scan 2017-04-26 09:57:42 : [scan.tasks] - 8 malicious tasks found 2017-04-26 09:57:42 : [scan] - Progress: 75% 2017-04-26 09:57:42 : [scan.registry] - Starting registry scan [1] 2017-04-26 09:57:47 : [scan.registry] - Stopping registry scan [1] 2017-04-26 09:57:47 : [scan.registry] - Starting registry scan [2] 2017-04-26 09:57:48 : [scan.registry] - Found {51BEE30D-EEC8-4BA3-930B-298B8E759EB1} 2017-04-26 09:57:48 : [scan.registry] - Found 3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-26 09:57:48 : [scan.registry] - Found {70DE12EA-79F4-46BC-9812-86DB50A2FD64} 2017-04-26 09:57:48 : [scan.registry] - Found {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} 2017-04-26 09:57:48 : [scan.registry] - Found {E7270EC6-0113-4A78-B610-E501D0A9E48E} 2017-04-26 09:57:48 : [scan.registry] - Found {357D32FC-F0AE-4B37-B36F-D44AA31496F5} 2017-04-26 09:57:48 : [scan.registry] - Found {80B3B43F-7508-4627-BE66-00FB9AE5EE72} 2017-04-26 09:57:48 : [scan.registry] - Found {5A83D7C9-4A14-4000-BC05-389268238753} 2017-04-26 09:57:49 : [scan.registry] - Found {29B6CFD5-0064-411A-8C42-9890C83F9921} 2017-04-26 09:57:55 : [scan.registry] - Stopping registry scan [2] 2017-04-26 09:57:55 : [scan.registry] - Starting registry scan [3] 2017-04-26 09:57:55 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-26 09:57:55 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-26 09:57:56 : [scan.registry] - Found PRODUCTSETUP 2017-04-26 09:57:56 : [scan.registry] - Found WajIEnhance 2017-04-26 09:57:56 : [scan.registry] - Found csastats 2017-04-26 09:57:56 : [scan.registry] - Found WinSnare 2017-04-26 09:57:56 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-26 09:57:56 
: [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-26 09:57:57 : [scan.registry] - Found PRODUCTSETUP 2017-04-26 09:57:57 : [scan.registry] - Found WajIEnhance 2017-04-26 09:57:57 : [scan.registry] - Found csastats 2017-04-26 09:57:57 : [scan.registry] - Found WinSnare 2017-04-26 09:57:57 : [scan.registry] - Found ByteFence 2017-04-26 09:57:57 : [scan.registry] - Found hdcode 2017-04-26 09:57:57 : [scan.registry] - Found yessearchesSoftware 2017-04-26 09:57:57 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-26 09:57:57 : [scan.registry] - Found Social2Sear 2017-04-26 09:57:57 : [scan.registry] - Found {E6276374-DE18-4AA5-A365-9016A2F98A2D} 2017-04-26 09:57:57 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-26 09:57:57 : [scan.registry] - Found ScreenShot 2017-04-26 09:57:57 : [scan.registry] - Found WinZiper 2017-04-26 09:57:57 : [scan.registry] - Found WinSaberSvc 2017-04-26 09:57:57 : [scan.registry] - Found InterHop 2017-04-26 09:57:57 : [scan.registry] - Found WinArcher 2017-04-26 09:57:57 : [scan.registry] - Found amule-custom 2017-04-26 09:57:57 : [scan.registry] - Found mylucky123Software 2017-04-26 09:57:57 : [scan.registry] - Found UvConverter 2017-04-26 09:57:57 : [scan.registry] - Found UvConv 2017-04-26 09:57:57 : [scan.registry] - Found ourluckysitesSoftware 2017-04-26 09:57:57 : [scan.registry] - Found ByteFence 2017-04-26 09:57:57 : [scan.registry] - Found {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} 2017-04-26 09:57:57 : [scan.registry] - Found {A0275D4F-FFAB-4A42-9874-B871B1C4CA3D} 2017-04-26 09:57:57 : [scan.registry] - Found {19539992-061C-4E8B-9053-07B175303AF4} 2017-04-26 09:57:57 : [scan.registry] - Found Corner Sunshine 2017-04-26 09:57:58 : [scan.registry] - Found PRODUCTSETUP 2017-04-26 09:57:58 : [scan.registry] - Found WajIEnhance 2017-04-26 09:57:58 : [scan.registry] - Found csastats 2017-04-26 09:57:58 : [scan.registry] - Found WinSnare 2017-04-26 09:57:58 : 
[scan.registry] - Found ByteFence 2017-04-26 09:57:58 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-26 09:57:58 : [scan.registry] - Found Social2Sear 2017-04-26 09:57:58 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-26 09:57:58 : [scan.registry] - Found InterSect Alliance 2017-04-26 09:57:58 : [scan.registry] - Found Corner Sunshine 2017-04-26 09:57:58 : [scan.registry] - Stopping registry scan [3] 2017-04-26 09:57:58 : [scan] - Progress: 80% 2017-04-26 09:57:58 : [scan.registry] - Starting registry scan [4] 2017-04-26 09:57:58 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-26 09:57:58 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-26 09:57:58 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-26 09:57:58 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-26 09:57:58 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-26 09:57:58 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-26 09:57:58 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-26 09:57:58 : [scan.registry] - Found B68CE107A2DED706DC47D6BC4BF3C4C1 2017-04-26 09:57:58 : [scan.registry] - Found 9C767D9D7BB3F9C4B839FF09B6C80DCF 2017-04-26 09:57:58 : [scan.registry] - Found 4EE2F0310EBEC29A0C48C035C43786AA 2017-04-26 09:57:58 : [scan.registry] - Found 4B2A47D6F1D42DD81A292C027724D291 2017-04-26 09:57:58 : [scan.registry] - Found 02C076B2283AB74D88D5E4D34BC497FF 2017-04-26 09:57:58 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-26 09:57:58 : [scan.registry] - Found FFA0118CE95AE0D70F14E7E8A72452C8 2017-04-26 09:57:58 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-26 09:57:58 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-26 09:57:58 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-26 09:57:58 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 
2017-04-26 09:57:58 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-26 09:57:58 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-26 09:57:58 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-26 09:57:58 : [scan.registry] - Stopping registry scan [4] 2017-04-26 09:57:58 : [scan.registry] - Starting registry scan [5] 2017-04-26 09:57:58 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-26 09:57:58 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-26 09:57:58 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-26 09:57:58 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-26 09:57:58 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-26 09:57:58 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-26 09:57:58 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-26 09:57:58 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-26 09:57:59 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-26 09:57:59 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-26 09:57:59 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL 
http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-26 09:57:59 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-26 09:57:59 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-26 09:57:59 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [5] 2017-04-26 09:57:59 : [scan] - Progress: 82% 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [6] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [6] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [7] 2017-04-26 09:57:59 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-26 09:57:59 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-26 09:57:59 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet 
Explorer\SearchScopes\ 2017-04-26 09:57:59 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-26 09:57:59 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-26 09:57:59 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-26 09:57:59 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-26 09:57:59 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-26 09:57:59 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-26 09:57:59 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-26 09:57:59 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-26 09:57:59 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-26 09:57:59 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-26 09:57:59 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [7] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [8] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [8] 2017-04-26 09:57:59 : [scan] - Progress: 84% 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [9] 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-26 09:57:59 : [scan.registry] - Found HKLM64\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [9] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [10] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [10] 
2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [11] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [11] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [12] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [12] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [13] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [13] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [14] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [14] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [15] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [15] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [16] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [16] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [17] 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [17] 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [18] 2017-04-26 09:57:59 : [scan.registry] - Found gplyra 2017-04-26 09:57:59 : [scan.registry] - Found gplyra 2017-04-26 09:57:59 : [scan.registry] - Found gplyra 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [18] 2017-04-26 09:57:59 : [scan] - Progress: 86% 2017-04-26 09:57:59 : [scan.registry] - Starting registry scan [19] 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP 2017-04-26 09:57:59 : [scan.registry] - Found 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP 2017-04-26 09:57:59 : [scan.registry] - Found HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-26 09:57:59 : [scan.registry] - Found HKEY_CLASSES_ROOT\.qmgc 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-26 09:57:59 : [scan.registry] - Found HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ArcherGroupEx 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Services\Themes DependOnService 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubedZLGroupEx 2017-04-26 09:57:59 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubZLGroEx 2017-04-26 09:57:59 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-26 09:57:59 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-26 09:57:59 : [scan.registry] - Stopping registry scan [19] 2017-04-26 09:57:59 : [scan] - Progress: 88% 2017-04-26 09:57:59 : [scan.registry] - 140 malicious registry element found 2017-04-26 09:57:59 : [scan] - Progress: 90% 2017-04-26 09:57:59 : [main] - Firefox is installed: True 2017-04-26 09:57:59 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-26 09:58:01 : [scan.firefox] - Found 
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\Extensions\arthurj8283@gmail.com 2017-04-26 09:58:01 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-26 09:58:02 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-26 09:58:03 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-26 09:58:04 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-26 09:58:04 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\nice.xml 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\mylucky123.xml 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\yahoo! 
powered search.xml 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\amisites.xml 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\startpageing123.xml 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\luck.xml 2017-04-26 09:58:04 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\ourluckysites.xml 2017-04-26 09:58:04 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-26 09:58:04 : [scan] - Progress: 92% 2017-04-26 09:58:04 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-26 09:58:04 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\prefs.js 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.search.selectedEngine" - "Yahoo! Powered Search" 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.search.searchengine.url" - "http://www.luckysearch123.com/search.php?type=ds&ts=1489036179&from=5fdc0308&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=089d55749609940b66ce91dgfz3b3t8eac6qegfqam&q={searchTerms}" 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.search.defaultenginename" - "Yahoo! 
Powered Search" 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.newtab.url" - "http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz" 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.search.order.1" - "nice" 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.search.searchengine.iconURL" - "http://www.luckysearch123.com/favicon.ico?t=1" 2017-04-26 09:58:04 : [scan.firefox] - Found "browser.startup.homepage" - "https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro" 2017-04-26 09:58:04 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\user.js 2017-04-26 09:58:04 : [scan.firefox] - No profile to scan, skipping 2017-04-26 09:58:04 : [scan.firefox] - No profile to scan, skipping 2017-04-26 09:58:04 : [scan.firefox] - No profile to scan, skipping 2017-04-26 09:58:04 : [scan] - Progress: 94% 2017-04-26 09:58:04 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-26 09:58:04 : [scan.firefox] - 7 malicious Firefox preferences found 2017-04-26 09:58:04 : [scan] - Progress: 95% 2017-04-26 09:58:04 : [main] - Chrome is installed: True 2017-04-26 09:58:04 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-26 09:58:05 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-26 09:58:05 : [scan.chromium] - Found
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-26 09:58:05 : [scan.chromium] - Found HKCU64\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-26 09:58:05 : [scan.chromium] - Found HKLM64\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-26 09:58:05 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-26 09:58:05 : [scan] - Progress: 97% 2017-04-26 09:58:05 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-26 09:58:05 : [scan.chromium] - No profile to scan, skipping 2017-04-26 09:58:05 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-26 09:58:05 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] uk.ask.com 2017-04-26 09:58:05 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] yessearches 2017-04-26 09:58:05 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] mylucky123 2017-04-26 09:58:05 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] nice 2017-04-26 09:58:05 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] ourluckysites 2017-04-26 09:58:05 : [scan.chromium] - Closing C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-26 09:58:05 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-26 09:58:07 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [startup_urls] 
http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-26 09:58:07 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [favicon_url] http://www.mylucky123.com/searchfavicon.ico 2017-04-26 09:58:07 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-26 09:58:07 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Homepage] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-26 09:58:07 : [scan.chromium] - No profile to scan, skipping 2017-04-26 09:58:07 : [scan.chromium] - No profile to scan, skipping 2017-04-26 09:58:07 : [scan.chromium] - No profile to scan, skipping 2017-04-26 09:58:07 : [scan.chromium] - No profile to scan, skipping 2017-04-26 09:58:07 : [scan.chromium] - No profile to scan, skipping 2017-04-26 09:58:07 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-26 09:58:07 : [scan] - Progress: 99% 2017-04-26 09:58:07 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-26 09:58:07 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-26 09:58:07 : [scan.chromium] - 9 malicious Chromium preferences elements found 2017-04-26 09:58:07 : [scan] - Progress: 100% 2017-04-26 09:58:07 : [scan] - Stopping scan 2017-04-26 09:58:41 : [main.gui] - Clean requested 2017-04-26 09:58:43 : [main.gui] - Killing all processes 2017-04-26 09:58:43 : [main] - Killing [System Process](0) 2017-04-26 09:58:43 : [main] - Killing System(4) 2017-04-26 09:58:43 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - csrss.exe - (4) not killed - 
whitelisted 2017-04-26 09:58:43 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - winlogon.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - services.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - dwm.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:43 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - explorer.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - WmiPrvSE.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - LMS.exe - (4) not killed - whitelisted 2017-04-26 09:58:44 : [main] - Killing HPSIsvc.exe(3172) 2017-04-26 09:58:44 : [main] - Killing Allhair.exe(848) 2017-04-26 09:58:44 : [main] - 
Killing UvConverter.exe(1856) 2017-04-26 09:58:44 : [main] - Killing SearchIndexer.exe(3888) 2017-04-26 09:58:44 : [main] - Killing WMIC.exe(4800) 2017-04-26 09:58:44 : [main] - conhost.exe - (4800) not killed - whitelisted 2017-04-26 09:58:44 : [main] - Killing sppsvc.exe(3760) 2017-04-26 09:58:44 : [main] - SppExtComObj.Exe - (3760) not killed - whitelisted 2017-04-26 09:58:44 : [main] - svchost.exe - (3760) not killed - whitelisted 2017-04-26 09:58:44 : [main] - adwcleaner_6.046.exe - (3760) not killed - whitelisted 2017-04-26 09:58:44 : [main] - Killing dllhost.exe(2364) 2017-04-26 09:58:44 : [quarantine] - Quarantine database successfully opened 2017-04-26 09:58:44 : [clean] - Progress: 0% 2017-04-26 09:58:44 : [clean.services] - Starting services clean 2017-04-26 09:58:44 : [clean.services] - Nothing to clean. 2017-04-26 09:58:44 : [clean.services] - Stopping services clean 2017-04-26 09:58:44 : [clean] - Progress: 10% 2017-04-26 09:58:44 : [clean.folders] - Starting folders clean 2017-04-28 08:03:27 : INFO [main] - >>>> STARTING <<<< 2017-04-28 08:03:27 : INFO [main] - Version: 6.046 2017-04-28 08:03:27 : INFO [main] - RAM Usage: 32 2017-04-28 08:03:27 : INFO [main] - OS: WIN_81 X64 2017-04-28 08:03:27 : [main.language] - Checking the language 2017-04-28 08:03:27 : [main.language] - Language found: en 2017-04-28 08:03:27 : [main.network] - Checking the network connectivity 2017-04-28 08:03:27 : [main.network] - Network connectivity status: True 2017-04-28 08:03:27 : [main.eula] - Checking for EULA agreement 2017-04-28 08:03:27 : [main.network] - Check for updates 2017-04-28 08:03:27 : [main.network] - Requesting the last release number 2017-04-28 08:03:29 : [main.network] - The current version is up-to-date 2017-04-28 08:03:29 : [main.gui] - GUI setup 2017-04-28 08:03:29 : [main.gui] - Languages setup 2017-04-28 08:03:29 : [main] - Chrome is installed: True 2017-04-28 08:03:29 : [main] - Firefox is installed: True 2017-04-28 08:03:29 : [main.gui] - Showing 
the gui 2017-04-28 08:03:32 : [main.gui] - Showing Options window 2017-04-28 08:03:56 : [main] - Saving current options to the configuration file 2017-04-28 08:03:58 : [main.gui] - Scan requested 2017-04-28 08:03:58 : [scan] - Running from: C:\AdwCleaner 2017-04-28 08:03:58 : [scan] - Progress: 0% 2017-04-28 08:03:58 : [database] - Using local database 2017-04-28 08:03:58 : [scan] - Progress: 5% 2017-04-28 08:03:58 : [database] - Initialize the database 2017-04-28 08:03:58 : [database] - Loading sqlite3.dll 2017-04-28 08:03:58 : [database] - Opening the database 2017-04-28 08:03:58 : [database] - Querying database's version 2017-04-28 08:03:58 : [database] - Loading internal data 2017-04-28 08:03:58 : [database] - Loading detections 2017-04-28 08:04:01 : [database] - Loading generics 2017-04-28 08:04:01 : [database] - Closing the database 2017-04-28 08:04:01 : [database] - Closing database 2017-04-28 08:04:01 : [database] - Unloading sqlite3.dll 2017-04-28 08:04:02 : [scan] - Progress: 15% 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [1] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [2] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [3] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [4] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [5] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [6] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [7] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [8] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [9] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [10] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [11] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [12] 2017-04-28 08:04:02 : [scan.generic] - 
Generating generic detections [13] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [14] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [15] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [16] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [17] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [18] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [19] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [20] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [21] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [22] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [23] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [24] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [25] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [26] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [27] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [28] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [29] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [30] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [31] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [32] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [33] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [34] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [35] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [36] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [37] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [38] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [39] 2017-04-28 08:04:02 : [scan.generic] - 
Generating generic detections [40] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [41] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [42] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [43] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [44] 2017-04-28 08:04:02 : [scan.generic] - Generating generic detections [45] 2017-04-28 08:04:02 : [scan.generic] - Generic detections generated 2017-04-28 08:04:02 : [scan] - Progress: 20% 2017-04-28 08:04:02 : [scan.generic] - Starting generic analysis 2017-04-28 08:04:11 : [scan.generic] - Found e2903e0f6f7551838556f4481716e1e5.sys 2017-04-28 08:04:12 : [scan.generic] - Found Browser Updater Task(Core) 2017-04-28 08:04:13 : [scan] - Progress: 30% 2017-04-28 08:04:13 : [scan.services] - Starting services scan [1] 2017-04-28 08:04:13 : [scan.registry] - Found winzipersvc 2017-04-28 08:04:13 : [scan.registry] - Found winzipersvc 2017-04-28 08:04:13 : [scan.registry] - Found qkseeService 2017-04-28 08:04:13 : [scan.registry] - Found qkseeService 2017-04-28 08:04:13 : [scan.registry] - Found ByteFenceService 2017-04-28 08:04:13 : [scan.registry] - Found ByteFenceService 2017-04-28 08:04:13 : [scan.registry] - Found WinSnare 2017-04-28 08:04:13 : [scan.registry] - Found WinSnare 2017-04-28 08:04:13 : [scan.registry] - Found SNARER 2017-04-28 08:04:13 : [scan.registry] - Found SNARER 2017-04-28 08:04:13 : [scan.registry] - Found SNARE 2017-04-28 08:04:13 : [scan.registry] - Found SNARE 2017-04-28 08:04:13 : [scan.services] - Stopping services scan [1] 2017-04-28 08:04:13 : [scan.services] - Starting services scan [2] 2017-04-28 08:04:14 : [scan.services] - Stopping services scan [2] 2017-04-28 08:04:14 : [scan.services] - 0 malicious services found 2017-04-28 08:04:14 : [scan] - Progress: 40% 2017-04-28 08:04:14 : [scan.folders] - Starting folders scan 2017-04-28 08:04:14 : [scan.folders] - Found C:\USERs\USER\AppData\Local\Coldmay 2017-04-28 
08:04:14 : [scan.folders] - Found C:\USERs\USER\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} 2017-04-28 08:04:14 : [scan.folders] - Found C:\USERs\USER\AppData\Local\SNARER 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\cpuminer 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\ImageCropResize 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinZiper 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\gplyra 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Tencent 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSAPSvc 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSnare 2017-04-28 08:04:15 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Kyubey 2017-04-28 08:04:17 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage 2017-04-28 08:04:17 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2017-04-28 08:04:18 : [scan.folders] - Found C:\Program Files\ByteFence 2017-04-28 08:04:18 : [scan.folders] - Found C:\Program Files\Plumbytes Software 2017-04-28 08:04:18 : [scan.folders] - Found C:\Program Files\Common Files\Tencent 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\TXQMPC 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\QQBrowser 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Tencent 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\ChelfNotify 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Allhair 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\ytd video downloader 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\WinSAPSvc 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\BaofengUpdate_U 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Redjane 2017-04-28 08:04:19 : 
[scan.folders] - Found C:\ProgramData\chelfnotify 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\gjcfj 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\jcfjc 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\TXQMPC 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\QQBrowser 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\Tencent 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\ChelfNotify 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\Allhair 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\ytd video downloader 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\WinSAPSvc 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\BaofengUpdate_U 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\Redjane 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\chelfnotify 2017-04-28 08:04:19 : [scan.folders] - Found C:\ProgramData\Application Data\gjcfj 2017-04-28 08:04:20 : [scan.folders] - Found C:\ProgramData\Application Data\jcfjc 2017-04-28 08:04:20 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2017-04-28 08:04:20 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\GreenTree Applications 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\WinZipper 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\TData 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\CleanBrowser 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\QQBrowser 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\HomePageDefender 2017-04-28 08:04:20 : [scan.folders] - Found 
C:\Program Files (x86)\yesbnd 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\TXQQBrowser 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\Tencent 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\WinSaber 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\winsaber 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\Allhair 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\InterHop 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\WinArcher 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\UvConverter 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\winarcher 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\Gubed 2017-04-28 08:04:20 : [scan.folders] - Found C:\Program Files (x86)\Gub 2017-04-28 08:04:21 : [scan.folders] - Found C:\Program Files (x86)\BikaQRssReader 2017-04-28 08:04:21 : [scan.folders] - Found C:\Program Files (x86)\Skusenzecult 2017-04-28 08:04:21 : [scan.folders] - Found C:\Program Files (x86)\bilibili 2017-04-28 08:04:21 : [scan.folders] - Found C:\Program Files (x86)\BikaQRss 2017-04-28 08:04:21 : [scan.folders] - Found C:\Program Files (x86)\Coldmay 2017-04-28 08:04:21 : [scan.folders] - Found C:\Program Files (x86)\Common Files\Tencent 2017-04-28 08:04:22 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent 2017-04-28 08:04:22 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule 2017-04-28 08:04:23 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2017-04-28 08:04:23 : [scan.folders] - Found C:\Users\Public\Documents\dmp 2017-04-28 08:04:23 : [scan.folders] - Found C:\Program Files (x86)\Firefox 2017-04-28 08:04:23 : [scan.folders] - Found C:\ProgramData\WinTools 2017-04-28 08:04:23 : [scan.folders] - Found 
C:\Users\USER\AppData\Roaming\WinSnare 2017-04-28 08:04:23 : [scan.folders] - Found C:\Program Files (x86)\reports 2017-04-28 08:04:23 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\Firefox 2017-04-28 08:04:23 : [scan.folders] - Found C:\Users\USER\AppData\Local\Firefox 2017-04-28 08:04:23 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\clean 2017-04-28 08:04:23 : [scan.folders] - Found C:\UPDATE\PSGO 2017-04-28 08:04:23 : [scan.folders] - Found C:\Users\USER\AppData\Local\SNARE 2017-04-28 08:04:23 : [scan.folders] - Found C:\Users\USER\AppData\Local\Kitty 2017-04-28 08:04:23 : [scan.folders] - Found C:\Windows\Update\psgo 2017-04-28 08:04:23 : [scan.folders] - Stopping folders scan 2017-04-28 08:04:23 : [scan.folders] - 81 malicious folders found 2017-04-28 08:04:23 : [scan] - Progress: 50% 2017-04-28 08:04:23 : [scan.files] - Starting files scan 2017-04-28 08:04:24 : [scan.files] - Found C:\Windows\SysNative\log\iSafeKrnlCall.log 2017-04-28 08:04:24 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys 2017-04-28 08:04:24 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeNetFilter.sys 2017-04-28 08:04:24 : [scan.files] - Found C:\Windows\SysNative\drivers\TFsFltX64.sys 2017-04-28 08:04:24 : [scan.files] - Found C:\Windows\SysNative\drivers\TAOKernelEx64.sys 2017-04-28 08:04:25 : [scan.files] - Found C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-04-28 08:04:26 : [scan.files] - Found C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL 2017-04-28 08:04:26 : [scan.files] - Found C:\Program Files (x86)\settings.dat 2017-04-28 08:04:26 : [scan.files] - Found C:\Users\Public\Documents\cfg.ini 2017-04-28 08:04:26 : [scan.files] - Found C:\Users\Public\Documents\cc.ini 2017-04-28 08:04:26 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-28 08:04:26 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-04-28 08:04:26 : [scan.files] - Found C:\Users\Public\Desktop\FLV Player.lnk 2017-04-28 
08:04:26 : [scan.files] - Found C:\Users\USER\AppData\Local\AMD\amd.exe 2017-04-28 08:04:26 : [scan.files] - Stopping files scan 2017-04-28 08:04:26 : [scan.files] - 15 malicious files found 2017-04-28 08:04:26 : [scan] - Progress: 55% 2017-04-28 08:04:26 : [scan.dll] - Starting DLL scan 2017-04-28 08:04:26 : [scan.dll] - Stopping DLL scan 2017-04-28 08:04:26 : [scan.dll] - 0 malicious DLL found 2017-04-28 08:04:26 : [scan] - Progress: 60% 2017-04-28 08:04:26 : [scan.wmi] - Starting WMI scan 2017-04-28 08:04:27 : [scan.wmi] - Stopping WMI scan 2017-04-28 08:04:27 : [scan.wmi] - 0 malicious WMI found 2017-04-28 08:04:27 : [scan] - Progress: 65% 2017-04-28 08:04:27 : [scan.shortcuts] - Starting shortcuts scan 2017-04-28 08:04:29 : [scan.shortcuts] - Found C:\USERs\USER\Desktop\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:04:29 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [http://www.mylucky123.com/?type=sc&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:04:29 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:04:30 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-28 08:04:30 : [scan.shortcuts] - 3 malicious shortcuts found 2017-04-28 08:04:30 : [scan] - Progress: 70% 2017-04-28 08:04:30 : [scan.tasks] - Starting tasks scan 2017-04-28 08:04:30 : [scan.tasks] - Found ByteFence 2017-04-28 08:04:30 : [scan.tasks] - Found Browser Updater Task(Core) 2017-04-28 08:04:30 : [scan.tasks] - 
Found WinTOOL 2017-04-28 08:04:30 : [scan.tasks] - Found Milimili 2017-04-28 08:04:30 : [scan.tasks] - Found RedjaneUpdateTaskMachineUA 2017-04-28 08:04:30 : [scan.tasks] - Found RedjaneUpdateTaskMachineCore 2017-04-28 08:04:30 : [scan.tasks] - Found Windows-PG 2017-04-28 08:04:30 : [scan.tasks] - Stopping tasks scan 2017-04-28 08:04:30 : [scan.tasks] - 8 malicious tasks found 2017-04-28 08:04:30 : [scan] - Progress: 75% 2017-04-28 08:04:30 : [scan.registry] - Starting registry scan [1] 2017-04-28 08:04:36 : [scan.registry] - Stopping registry scan [1] 2017-04-28 08:04:36 : [scan.registry] - Starting registry scan [2] 2017-04-28 08:04:37 : [scan.registry] - Found {51BEE30D-EEC8-4BA3-930B-298B8E759EB1} 2017-04-28 08:04:37 : [scan.registry] - Found 3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-28 08:04:37 : [scan.registry] - Found {70DE12EA-79F4-46BC-9812-86DB50A2FD64} 2017-04-28 08:04:37 : [scan.registry] - Found {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} 2017-04-28 08:04:38 : [scan.registry] - Found {E7270EC6-0113-4A78-B610-E501D0A9E48E} 2017-04-28 08:04:38 : [scan.registry] - Found {357D32FC-F0AE-4B37-B36F-D44AA31496F5} 2017-04-28 08:04:38 : [scan.registry] - Found {80B3B43F-7508-4627-BE66-00FB9AE5EE72} 2017-04-28 08:04:38 : [scan.registry] - Found {5A83D7C9-4A14-4000-BC05-389268238753} 2017-04-28 08:04:39 : [scan.registry] - Found {29B6CFD5-0064-411A-8C42-9890C83F9921} 2017-04-28 08:04:45 : [scan.registry] - Stopping registry scan [2] 2017-04-28 08:04:45 : [scan.registry] - Starting registry scan [3] 2017-04-28 08:04:45 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:04:45 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:04:46 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:04:46 : [scan.registry] - Found WajIEnhance 2017-04-28 08:04:46 : [scan.registry] - Found csastats 2017-04-28 08:04:46 : [scan.registry] - Found WinSnare 2017-04-28 08:04:46 : [scan.registry] - Found 
{A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:04:46 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:04:47 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:04:47 : [scan.registry] - Found WajIEnhance 2017-04-28 08:04:47 : [scan.registry] - Found csastats 2017-04-28 08:04:47 : [scan.registry] - Found WinSnare 2017-04-28 08:04:47 : [scan.registry] - Found ByteFence 2017-04-28 08:04:47 : [scan.registry] - Found hdcode 2017-04-28 08:04:47 : [scan.registry] - Found yessearchesSoftware 2017-04-28 08:04:47 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:04:47 : [scan.registry] - Found Social2Sear 2017-04-28 08:04:47 : [scan.registry] - Found {E6276374-DE18-4AA5-A365-9016A2F98A2D} 2017-04-28 08:04:47 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:04:47 : [scan.registry] - Found ScreenShot 2017-04-28 08:04:47 : [scan.registry] - Found WinZiper 2017-04-28 08:04:47 : [scan.registry] - Found WinSaberSvc 2017-04-28 08:04:47 : [scan.registry] - Found InterHop 2017-04-28 08:04:47 : [scan.registry] - Found WinArcher 2017-04-28 08:04:47 : [scan.registry] - Found amule-custom 2017-04-28 08:04:47 : [scan.registry] - Found mylucky123Software 2017-04-28 08:04:47 : [scan.registry] - Found UvConverter 2017-04-28 08:04:47 : [scan.registry] - Found UvConv 2017-04-28 08:04:47 : [scan.registry] - Found ourluckysitesSoftware 2017-04-28 08:04:47 : [scan.registry] - Found ByteFence 2017-04-28 08:04:47 : [scan.registry] - Found {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} 2017-04-28 08:04:47 : [scan.registry] - Found {A0275D4F-FFAB-4A42-9874-B871B1C4CA3D} 2017-04-28 08:04:47 : [scan.registry] - Found {19539992-061C-4E8B-9053-07B175303AF4} 2017-04-28 08:04:47 : [scan.registry] - Found Corner Sunshine 2017-04-28 08:04:48 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:04:48 : [scan.registry] - Found WajIEnhance 2017-04-28 08:04:48 : [scan.registry] - Found csastats 2017-04-28 08:04:48 : 
[scan.registry] - Found WinSnare 2017-04-28 08:04:48 : [scan.registry] - Found ByteFence 2017-04-28 08:04:48 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:04:48 : [scan.registry] - Found Social2Sear 2017-04-28 08:04:48 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:04:48 : [scan.registry] - Found InterSect Alliance 2017-04-28 08:04:48 : [scan.registry] - Found Corner Sunshine 2017-04-28 08:04:48 : [scan.registry] - Stopping registry scan [3] 2017-04-28 08:04:48 : [scan] - Progress: 80% 2017-04-28 08:04:48 : [scan.registry] - Starting registry scan [4] 2017-04-28 08:04:49 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:04:49 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:04:49 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:04:49 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:04:49 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:04:49 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:04:49 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:04:49 : [scan.registry] - Found B68CE107A2DED706DC47D6BC4BF3C4C1 2017-04-28 08:04:49 : [scan.registry] - Found 9C767D9D7BB3F9C4B839FF09B6C80DCF 2017-04-28 08:04:49 : [scan.registry] - Found 4EE2F0310EBEC29A0C48C035C43786AA 2017-04-28 08:04:49 : [scan.registry] - Found 4B2A47D6F1D42DD81A292C027724D291 2017-04-28 08:04:49 : [scan.registry] - Found 02C076B2283AB74D88D5E4D34BC497FF 2017-04-28 08:04:49 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:04:49 : [scan.registry] - Found FFA0118CE95AE0D70F14E7E8A72452C8 2017-04-28 08:04:49 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:04:49 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:04:49 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:04:49 : 
[scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:04:49 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:04:49 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:04:49 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [4] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [5] 2017-04-28 08:04:49 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:04:49 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:04:49 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:04:49 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:04:49 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL 
http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:04:49 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:04:49 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:04:49 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [5] 2017-04-28 08:04:49 : [scan] - Progress: 82% 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [6] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [6] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [7] 2017-04-28 08:04:49 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:04:49 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:04:49 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet 
Explorer\SearchScopes\ 2017-04-28 08:04:49 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:04:49 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:04:49 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:04:49 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:04:49 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:04:49 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:04:49 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:04:49 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:04:49 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:04:49 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [7] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [8] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [8] 2017-04-28 08:04:49 : [scan] - Progress: 84% 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [9] 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-28 08:04:49 : [scan.registry] - Found HKLM64\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [9] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [10] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [10] 
2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [11] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [11] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [12] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [12] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [13] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [13] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [14] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [14] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [15] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [15] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [16] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [16] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [17] 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [17] 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [18] 2017-04-28 08:04:49 : [scan.registry] - Found gplyra 2017-04-28 08:04:49 : [scan.registry] - Found gplyra 2017-04-28 08:04:49 : [scan.registry] - Found gplyra 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [18] 2017-04-28 08:04:49 : [scan] - Progress: 86% 2017-04-28 08:04:49 : [scan.registry] - Starting registry scan [19] 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP 2017-04-28 08:04:49 : [scan.registry] - Found 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:04:49 : [scan.registry] - Found HKEY_CLASSES_ROOT\.qmgc 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ArcherGroupEx 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Services\Themes DependOnService 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubedZLGroupEx 2017-04-28 08:04:49 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubZLGroEx 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-28 08:04:49 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-28 08:04:49 : [scan.registry] - Stopping registry scan [19] 2017-04-28 08:04:49 : [scan] - Progress: 88% 2017-04-28 08:04:49 : [scan.registry] - 140 malicious registry element found 2017-04-28 08:04:49 : [scan] - Progress: 90% 2017-04-28 08:04:49 : [main] - Firefox is installed: True 2017-04-28 08:04:49 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-28 08:04:51 : [scan.firefox] - Found 
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\Extensions\arthurj8283@gmail.com 2017-04-28 08:04:51 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:04:53 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:04:54 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:04:54 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-28 08:04:54 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\nice.xml 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\mylucky123.xml 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\yahoo! 
powered search.xml 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\amisites.xml 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\startpageing123.xml 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\luck.xml 2017-04-28 08:04:54 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\ourluckysites.xml 2017-04-28 08:04:55 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-28 08:04:55 : [scan] - Progress: 92% 2017-04-28 08:04:55 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-28 08:04:55 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\prefs.js 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.search.selectedEngine" - "Yahoo! Powered Search" 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.search.searchengine.url" - "http://www.luckysearch123.com/search.php?type=ds&ts=1489036179&from=5fdc0308&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=089d55749609940b66ce91dgfz3b3t8eac6qegfqam&q={searchTerms}" 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.search.defaultenginename" - "Yahoo! 
Powered Search" 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.newtab.url" - "http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz" 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.search.order.1" - "nice" 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.search.searchengine.iconURL" - "http://www.luckysearch123.com/favicon.ico?t=1" 2017-04-28 08:04:55 : [scan.firefox] - Found "browser.startup.homepage" - "https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro" 2017-04-28 08:04:55 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\user.js 2017-04-28 08:04:55 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:04:55 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:04:55 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:04:55 : [scan] - Progress: 94% 2017-04-28 08:04:55 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-28 08:04:55 : [scan.firefox] - 7 malicious Firefox preferences found 2017-04-28 08:04:55 : [scan] - Progress: 95% 2017-04-28 08:04:55 : [main] - Chrome is installed: True 2017-04-28 08:04:55 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-28 08:04:56 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:04:56 : [scan.chromium] - Found 
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:04:56 : [scan.chromium] - Found HKCU64\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:04:56 : [scan.chromium] - Found HKLM64\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:04:56 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-28 08:04:56 : [scan] - Progress: 97% 2017-04-28 08:04:56 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-28 08:04:56 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:04:56 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-28 08:04:56 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] uk.ask.com 2017-04-28 08:04:56 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] yessearches 2017-04-28 08:04:56 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] mylucky123 2017-04-28 08:04:56 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] nice 2017-04-28 08:04:56 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] ourluckysites 2017-04-28 08:04:56 : [scan.chromium] - Closing C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-28 08:04:56 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-28 08:04:58 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [startup_urls] 
http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-28 08:04:58 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [favicon_url] http://www.mylucky123.com/searchfavicon.ico 2017-04-28 08:04:58 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:04:58 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Homepage] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-28 08:04:58 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:04:58 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:04:58 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:04:58 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:04:58 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:04:58 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-28 08:04:58 : [scan] - Progress: 99% 2017-04-28 08:04:58 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-28 08:04:58 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-28 08:04:58 : [scan.chromium] - 9 malicious Chromium preferences elements found 2017-04-28 08:04:58 : [scan] - Progress: 100% 2017-04-28 08:04:58 : [scan] - Stopping scan 2017-04-28 08:05:11 : [main.com] - COM Error: 80020009 - Exception occurred. 
2017-04-28 08:05:11 : [main.stats] - Error while sending stats 2017-04-28 08:05:46 : [main.gui] - Clean requested 2017-04-28 08:05:48 : [main.gui] - Killing all processes 2017-04-28 08:05:48 : [main] - Killing [System Process](0) 2017-04-28 08:05:48 : [main] - Killing System(4) 2017-04-28 08:05:48 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - services.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - WmiPrvSE.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : [main] - LMS.exe - (4) not killed - whitelisted 2017-04-28 08:05:48 : 
[main] - Killing HPSIsvc.exe(4468) 2017-04-28 08:05:48 : [main] - Killing Allhair.exe(4052) 2017-04-28 08:05:48 : [main] - Killing UvConverter.exe(1180) 2017-04-28 08:05:48 : [main] - csrss.exe - (1180) not killed - whitelisted 2017-04-28 08:05:48 : [main] - winlogon.exe - (1180) not killed - whitelisted 2017-04-28 08:05:48 : [main] - dwm.exe - (1180) not killed - whitelisted 2017-04-28 08:05:48 : [main] - Killing SearchIndexer.exe(4208) 2017-04-28 08:05:48 : [main] - Killing taskhostex.exe(740) 2017-04-28 08:05:48 : [main] - explorer.exe - (740) not killed - whitelisted 2017-04-28 08:05:48 : [main] - Killing SMΔRTP.exe(4720) 2017-04-28 08:05:48 : [main] - Killing AsusTPLoader.exe(2228) 2017-04-28 08:05:48 : [main] - Killing GoogleCrashHandler.exe(2248) 2017-04-28 08:05:48 : [main] - Killing GoogleCrashHandler64.exe(4696) 2017-04-28 08:05:48 : [main] - Killing DptfPolicyLpmServiceHelper.exe(2332) 2017-04-28 08:05:48 : [main] - Killing reader_sl.exe(1592) 2017-04-28 08:05:48 : [main] - Killing avgas.exe(3240) 2017-04-28 08:05:48 : [main] - Killing audiodg.exe(3184) 2017-04-28 08:05:48 : [main] - Killing CCleaner64.exe(1532) 2017-04-28 08:05:48 : [main] - svchost.exe - (1532) not killed - whitelisted 2017-04-28 08:05:48 : [main] - Killing SmadavProtect64.exe(668) 2017-04-28 08:05:48 : [main] - Killing RAVCpl64.exe(604) 2017-04-28 08:05:48 : [main] - Killing nvvsvc.exe(4320) 2017-04-28 08:05:48 : [main] - Killing nvxdsync.exe(2060) 2017-04-28 08:05:49 : [main] - Killing nvvsvc.exe(2324) 2017-04-28 08:05:49 : [main] - WmiPrvSE.exe - (2324) not killed - whitelisted 2017-04-28 08:05:49 : [main] - Killing ByteFence.exe(4780) 2017-04-28 08:05:49 : [main] - adwcleaner_6.046.exe - (4780) not killed - whitelisted 2017-04-28 08:05:49 : [main] - Killing rsLggr.exe(4200) 2017-04-28 08:05:49 : [main] - Killing BrowserUpdate.exe(2028) 2017-04-28 08:05:49 : [main] - Killing CompatTelRunner.exe(4248) 2017-04-28 08:05:49 : [main] - conhost.exe - (4248) not killed - whitelisted 
2017-04-28 08:05:49 : [main] - Killing CompatTelRunner.exe(2244) 2017-04-28 08:05:49 : [main] - Killing rundll32.exe(3760) 2017-04-28 08:05:49 : [main] - Killing WSHost.exe(3236) 2017-04-28 08:05:49 : [main] - svchost.exe - (3236) not killed - whitelisted 2017-04-28 08:05:49 : [main] - Killing SearchProtocolHost.exe(0) 2017-04-28 08:05:49 : [main] - Killing SearchFilterHost.exe(0) 2017-04-28 08:05:49 : [main] - Killing rsEngineHelper.exe(4480) 2017-04-28 08:05:49 : [main] - conhost.exe - (4480) not killed - whitelisted 2017-04-28 08:05:49 : [quarantine] - Quarantine database successfully opened 2017-04-28 08:05:49 : [clean] - Progress: 0% 2017-04-28 08:05:49 : [clean.services] - Starting services clean 2017-04-28 08:05:49 : [clean.services] - Nothing to clean. 2017-04-28 08:05:49 : [clean.services] - Stopping services clean 2017-04-28 08:05:49 : [clean] - Progress: 10% 2017-04-28 08:05:49 : [clean.folders] - Starting folders clean 2017-04-28 08:13:14 : INFO [main] - >>>> STARTING <<<< 2017-04-28 08:13:14 : INFO [main] - Version: 6.046 2017-04-28 08:13:14 : INFO [main] - RAM Usage: 37 2017-04-28 08:13:14 : INFO [main] - OS: WIN_81 X64 2017-04-28 08:13:14 : [main.language] - Checking the language 2017-04-28 08:13:14 : [main.language] - Language found: en 2017-04-28 08:13:14 : [main.network] - Checking the network connectivity 2017-04-28 08:13:14 : [main.network] - Network connectivity status: True 2017-04-28 08:13:14 : [main.eula] - Checking for EULA agreement 2017-04-28 08:13:14 : [main.network] - Check for updates 2017-04-28 08:13:14 : [main.network] - Requesting the last release number 2017-04-28 08:13:14 : [main.network] - Failure when requesting the release number (13) 2017-04-28 08:13:14 : [main.gui] - GUI setup 2017-04-28 08:13:15 : [main.gui] - Languages setup 2017-04-28 08:13:15 : [main] - Chrome is installed: True 2017-04-28 08:13:15 : [main] - Firefox is installed: True 2017-04-28 08:13:15 : [main.gui] - Showing the gui 2017-04-28 08:13:17 : [main.gui] - 
Showing Options window 2017-04-28 08:13:24 : [main] - Saving current options to the configuration file 2017-04-28 08:13:27 : [main.gui] - Scan requested 2017-04-28 08:13:27 : [scan] - Running from: C:\AdwCleaner 2017-04-28 08:13:27 : [scan] - Progress: 0% 2017-04-28 08:13:27 : [database] - Using local database 2017-04-28 08:13:27 : [scan] - Progress: 5% 2017-04-28 08:13:27 : [database] - Initialize the database 2017-04-28 08:13:27 : [database] - Loading sqlite3.dll 2017-04-28 08:13:27 : [database] - Opening the database 2017-04-28 08:13:27 : [database] - Querying database's version 2017-04-28 08:13:27 : [database] - Loading internal data 2017-04-28 08:13:27 : [database] - Loading detections 2017-04-28 08:13:30 : [database] - Loading generics 2017-04-28 08:13:30 : [database] - Closing the database 2017-04-28 08:13:30 : [database] - Closing database 2017-04-28 08:13:30 : [database] - Unloading sqlite3.dll 2017-04-28 08:13:30 : [scan] - Progress: 15% 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [1] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [2] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [3] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [4] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [5] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [6] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [7] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [8] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [9] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [10] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [11] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [12] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [13] 2017-04-28 
08:13:30 : [scan.generic] - Generating generic detections [14] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [15] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [16] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [17] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [18] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [19] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [20] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [21] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [22] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [23] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [24] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [25] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [26] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [27] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [28] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [29] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [30] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [31] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [32] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [33] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [34] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [35] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [36] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [37] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [38] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [39] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [40] 2017-04-28 
08:13:30 : [scan.generic] - Generating generic detections [41] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [42] 2017-04-28 08:13:30 : [scan.generic] - Generating generic detections [43] 2017-04-28 08:13:31 : [scan.generic] - Generating generic detections [44] 2017-04-28 08:13:31 : [scan.generic] - Generating generic detections [45] 2017-04-28 08:13:31 : [scan.generic] - Generic detections generated 2017-04-28 08:13:31 : [scan] - Progress: 20% 2017-04-28 08:13:31 : [scan.generic] - Starting generic analysis 2017-04-28 08:13:31 : [scan.generic] - Found e2903e0f6f7551838556f4481716e1e5.sys 2017-04-28 08:13:32 : [scan.generic] - Found Browser Updater Task(Core) 2017-04-28 08:13:32 : [scan] - Progress: 30% 2017-04-28 08:13:32 : [scan.services] - Starting services scan [1] 2017-04-28 08:13:32 : [scan.registry] - Found winzipersvc 2017-04-28 08:13:32 : [scan.registry] - Found winzipersvc 2017-04-28 08:13:32 : [scan.registry] - Found qkseeService 2017-04-28 08:13:32 : [scan.registry] - Found qkseeService 2017-04-28 08:13:32 : [scan.registry] - Found ByteFenceService 2017-04-28 08:13:32 : [scan.registry] - Found ByteFenceService 2017-04-28 08:13:32 : [scan.registry] - Found WinSnare 2017-04-28 08:13:32 : [scan.registry] - Found WinSnare 2017-04-28 08:13:32 : [scan.registry] - Found SNARER 2017-04-28 08:13:32 : [scan.registry] - Found SNARER 2017-04-28 08:13:32 : [scan.registry] - Found SNARE 2017-04-28 08:13:32 : [scan.registry] - Found SNARE 2017-04-28 08:13:32 : [scan.services] - Stopping services scan [1] 2017-04-28 08:13:32 : [scan.services] - Starting services scan [2] 2017-04-28 08:13:33 : [scan.services] - Stopping services scan [2] 2017-04-28 08:13:33 : [scan.services] - 0 malicious services found 2017-04-28 08:13:33 : [scan] - Progress: 40% 2017-04-28 08:13:33 : [scan.folders] - Starting folders scan 2017-04-28 08:13:33 : [scan.folders] - Found C:\USERs\USER\AppData\Local\Coldmay 2017-04-28 08:13:33 : [scan.folders] - Found 
C:\USERs\USER\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} 2017-04-28 08:13:33 : [scan.folders] - Found C:\USERs\USER\AppData\Local\SNARER 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\cpuminer 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\ImageCropResize 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinZiper 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\gplyra 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Tencent 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSAPSvc 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSnare 2017-04-28 08:13:34 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Kyubey 2017-04-28 08:13:35 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage 2017-04-28 08:13:35 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2017-04-28 08:13:36 : [scan.folders] - Found C:\Program Files\ByteFence 2017-04-28 08:13:36 : [scan.folders] - Found C:\Program Files\Plumbytes Software 2017-04-28 08:13:37 : [scan.folders] - Found C:\Program Files\Common Files\Tencent 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\TXQMPC 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\QQBrowser 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Tencent 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\ChelfNotify 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Allhair 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\ytd video downloader 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\WinSAPSvc 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\BaofengUpdate_U 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Redjane 2017-04-28 08:13:38 : [scan.folders] - Found 
C:\ProgramData\chelfnotify 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\gjcfj 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\jcfjc 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\TXQMPC 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\QQBrowser 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\Tencent 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\ChelfNotify 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\Allhair 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\ytd video downloader 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\WinSAPSvc 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\BaofengUpdate_U 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\Redjane 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\chelfnotify 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\gjcfj 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Application Data\jcfjc 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2017-04-28 08:13:38 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\GreenTree Applications 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\WinZipper 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\TData 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\CleanBrowser 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\QQBrowser 2017-04-28 08:13:39 : [scan.folders] - 
Found C:\Program Files (x86)\HomePageDefender 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\yesbnd 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\TXQQBrowser 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Tencent 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\WinSaber 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\winsaber 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Allhair 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\InterHop 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\WinArcher 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\UvConverter 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\winarcher 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Gubed 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Gub 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\BikaQRssReader 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Skusenzecult 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\bilibili 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\BikaQRss 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Coldmay 2017-04-28 08:13:39 : [scan.folders] - Found C:\Program Files (x86)\Common Files\Tencent 2017-04-28 08:13:41 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent 2017-04-28 08:13:41 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule 2017-04-28 08:13:41 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\Public\Documents\dmp 2017-04-28 08:13:42 : [scan.folders] - Found C:\Program Files (x86)\Firefox 2017-04-28 08:13:42 : 
[scan.folders] - Found C:\ProgramData\WinTools 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\WinSnare 2017-04-28 08:13:42 : [scan.folders] - Found C:\Program Files (x86)\reports 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\Firefox 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\USER\AppData\Local\Firefox 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\clean 2017-04-28 08:13:42 : [scan.folders] - Found C:\UPDATE\PSGO 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\USER\AppData\Local\SNARE 2017-04-28 08:13:42 : [scan.folders] - Found C:\Users\USER\AppData\Local\Kitty 2017-04-28 08:13:42 : [scan.folders] - Found C:\Windows\Update\psgo 2017-04-28 08:13:42 : [scan.folders] - Stopping folders scan 2017-04-28 08:13:42 : [scan.folders] - 82 malicious folders found 2017-04-28 08:13:42 : [scan] - Progress: 50% 2017-04-28 08:13:42 : [scan.files] - Starting files scan 2017-04-28 08:13:43 : [scan.files] - Found C:\Windows\SysNative\log\iSafeKrnlCall.log 2017-04-28 08:13:43 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys 2017-04-28 08:13:43 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeNetFilter.sys 2017-04-28 08:13:43 : [scan.files] - Found C:\Windows\SysNative\drivers\TFsFltX64.sys 2017-04-28 08:13:43 : [scan.files] - Found C:\Windows\SysNative\drivers\TAOKernelEx64.sys 2017-04-28 08:13:43 : [scan.files] - Found C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-04-28 08:13:44 : [scan.files] - Found C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL 2017-04-28 08:13:44 : [scan.files] - Found C:\Program Files (x86)\settings.dat 2017-04-28 08:13:44 : [scan.files] - Found C:\Users\Public\Documents\cfg.ini 2017-04-28 08:13:44 : [scan.files] - Found C:\Users\Public\Documents\cc.ini 2017-04-28 08:13:44 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-28 08:13:44 : [scan.files] - Found C:\Users\Public\Documents\report.dat 
2017-04-28 08:13:44 : [scan.files] - Found C:\Users\Public\Desktop\FLV Player.lnk 2017-04-28 08:13:44 : [scan.files] - Found C:\Users\USER\AppData\Local\AMD\amd.exe 2017-04-28 08:13:44 : [scan.files] - Stopping files scan 2017-04-28 08:13:44 : [scan.files] - 15 malicious files found 2017-04-28 08:13:44 : [scan] - Progress: 55% 2017-04-28 08:13:44 : [scan.dll] - Starting DLL scan 2017-04-28 08:13:44 : [scan.dll] - Stopping DLL scan 2017-04-28 08:13:44 : [scan.dll] - 0 malicious DLL found 2017-04-28 08:13:44 : [scan] - Progress: 60% 2017-04-28 08:13:44 : [scan.wmi] - Starting WMI scan 2017-04-28 08:13:44 : [scan.wmi] - Stopping WMI scan 2017-04-28 08:13:44 : [scan.wmi] - 0 malicious WMI found 2017-04-28 08:13:44 : [scan] - Progress: 65% 2017-04-28 08:13:44 : [scan.shortcuts] - Starting shortcuts scan 2017-04-28 08:13:45 : [scan.shortcuts] - Found C:\USERs\USER\Desktop\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:13:45 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [http://www.mylucky123.com/?type=sc&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:13:45 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:13:45 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-28 08:13:45 : [scan.shortcuts] - 3 malicious shortcuts found 2017-04-28 08:13:45 : [scan] - Progress: 70% 2017-04-28 08:13:45 : [scan.tasks] - Starting tasks scan 2017-04-28 08:13:45 : [scan.tasks] - Found ByteFence 2017-04-28 
08:13:45 : [scan.tasks] - Found ByteFence Scan 2017-04-28 08:13:45 : [scan.tasks] - Found Browser Updater Task(Core) 2017-04-28 08:13:45 : [scan.tasks] - Found WinTOOL 2017-04-28 08:13:45 : [scan.tasks] - Found Milimili 2017-04-28 08:13:45 : [scan.tasks] - Found RedjaneUpdateTaskMachineUA 2017-04-28 08:13:45 : [scan.tasks] - Found RedjaneUpdateTaskMachineCore 2017-04-28 08:13:45 : [scan.tasks] - Found Windows-PG 2017-04-28 08:13:45 : [scan.tasks] - Stopping tasks scan 2017-04-28 08:13:45 : [scan.tasks] - 9 malicious tasks found 2017-04-28 08:13:45 : [scan] - Progress: 75% 2017-04-28 08:13:45 : [scan.registry] - Starting registry scan [1] 2017-04-28 08:13:50 : [scan.registry] - Stopping registry scan [1] 2017-04-28 08:13:50 : [scan.registry] - Starting registry scan [2] 2017-04-28 08:13:51 : [scan.registry] - Found {51BEE30D-EEC8-4BA3-930B-298B8E759EB1} 2017-04-28 08:13:51 : [scan.registry] - Found 3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-28 08:13:52 : [scan.registry] - Found {70DE12EA-79F4-46BC-9812-86DB50A2FD64} 2017-04-28 08:13:52 : [scan.registry] - Found {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} 2017-04-28 08:13:52 : [scan.registry] - Found {E7270EC6-0113-4A78-B610-E501D0A9E48E} 2017-04-28 08:13:52 : [scan.registry] - Found {357D32FC-F0AE-4B37-B36F-D44AA31496F5} 2017-04-28 08:13:52 : [scan.registry] - Found {80B3B43F-7508-4627-BE66-00FB9AE5EE72} 2017-04-28 08:13:52 : [scan.registry] - Found {5A83D7C9-4A14-4000-BC05-389268238753} 2017-04-28 08:13:53 : [scan.registry] - Found {29B6CFD5-0064-411A-8C42-9890C83F9921} 2017-04-28 08:13:58 : [scan.registry] - Stopping registry scan [2] 2017-04-28 08:13:58 : [scan.registry] - Starting registry scan [3] 2017-04-28 08:13:58 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:13:58 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:14:00 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:14:00 : [scan.registry] - Found WajIEnhance 2017-04-28 08:14:00 : 
[scan.registry] - Found csastats 2017-04-28 08:14:00 : [scan.registry] - Found WinSnare 2017-04-28 08:14:00 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:14:00 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:14:01 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:14:01 : [scan.registry] - Found WajIEnhance 2017-04-28 08:14:01 : [scan.registry] - Found csastats 2017-04-28 08:14:01 : [scan.registry] - Found WinSnare 2017-04-28 08:14:01 : [scan.registry] - Found ByteFence 2017-04-28 08:14:01 : [scan.registry] - Found hdcode 2017-04-28 08:14:01 : [scan.registry] - Found yessearchesSoftware 2017-04-28 08:14:01 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:14:01 : [scan.registry] - Found Social2Sear 2017-04-28 08:14:01 : [scan.registry] - Found {E6276374-DE18-4AA5-A365-9016A2F98A2D} 2017-04-28 08:14:01 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:14:01 : [scan.registry] - Found ScreenShot 2017-04-28 08:14:01 : [scan.registry] - Found WinZiper 2017-04-28 08:14:01 : [scan.registry] - Found WinSaberSvc 2017-04-28 08:14:01 : [scan.registry] - Found InterHop 2017-04-28 08:14:01 : [scan.registry] - Found WinArcher 2017-04-28 08:14:01 : [scan.registry] - Found amule-custom 2017-04-28 08:14:01 : [scan.registry] - Found mylucky123Software 2017-04-28 08:14:01 : [scan.registry] - Found UvConverter 2017-04-28 08:14:01 : [scan.registry] - Found UvConv 2017-04-28 08:14:01 : [scan.registry] - Found ourluckysitesSoftware 2017-04-28 08:14:01 : [scan.registry] - Found ByteFence 2017-04-28 08:14:01 : [scan.registry] - Found {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} 2017-04-28 08:14:01 : [scan.registry] - Found {A0275D4F-FFAB-4A42-9874-B871B1C4CA3D} 2017-04-28 08:14:01 : [scan.registry] - Found {19539992-061C-4E8B-9053-07B175303AF4} 2017-04-28 08:14:01 : [scan.registry] - Found Corner Sunshine 2017-04-28 08:14:02 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 
08:14:02 : [scan.registry] - Found WajIEnhance 2017-04-28 08:14:02 : [scan.registry] - Found csastats 2017-04-28 08:14:02 : [scan.registry] - Found WinSnare 2017-04-28 08:14:02 : [scan.registry] - Found ByteFence 2017-04-28 08:14:02 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:14:02 : [scan.registry] - Found Social2Sear 2017-04-28 08:14:02 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:14:02 : [scan.registry] - Found InterSect Alliance 2017-04-28 08:14:02 : [scan.registry] - Found Corner Sunshine 2017-04-28 08:14:02 : [scan.registry] - Stopping registry scan [3] 2017-04-28 08:14:02 : [scan] - Progress: 80% 2017-04-28 08:14:02 : [scan.registry] - Starting registry scan [4] 2017-04-28 08:14:02 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:14:02 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:14:02 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:14:02 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:14:02 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:14:02 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:14:02 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:14:02 : [scan.registry] - Found B68CE107A2DED706DC47D6BC4BF3C4C1 2017-04-28 08:14:02 : [scan.registry] - Found 9C767D9D7BB3F9C4B839FF09B6C80DCF 2017-04-28 08:14:02 : [scan.registry] - Found 4EE2F0310EBEC29A0C48C035C43786AA 2017-04-28 08:14:02 : [scan.registry] - Found 4B2A47D6F1D42DD81A292C027724D291 2017-04-28 08:14:02 : [scan.registry] - Found 02C076B2283AB74D88D5E4D34BC497FF 2017-04-28 08:14:02 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:14:02 : [scan.registry] - Found FFA0118CE95AE0D70F14E7E8A72452C8 2017-04-28 08:14:02 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:14:02 : [scan.registry] - Found 
F39E5917C417B4041A46F88010121C6E 2017-04-28 08:14:02 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:14:02 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:14:02 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:14:02 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:14:02 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [4] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [5] 2017-04-28 08:14:03 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:14:03 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:14:03 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:14:03 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:14:03 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL 
http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:14:03 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:14:03 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:14:03 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [5] 2017-04-28 08:14:03 : [scan] - Progress: 82% 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [6] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [6] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [7] 2017-04-28 08:14:03 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:14:03 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:14:03 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet 
Explorer\SearchScopes\ 2017-04-28 08:14:03 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:14:03 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:14:03 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:14:03 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:14:03 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:14:03 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:14:03 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:14:03 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:14:03 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:14:03 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [7] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [8] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [8] 2017-04-28 08:14:03 : [scan] - Progress: 84% 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [9] 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-28 08:14:03 : [scan.registry] - Found HKLM64\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [9] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [10] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [10] 
2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [11] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [11] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [12] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [12] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [13] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [13] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [14] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [14] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [15] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [15] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [16] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [16] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [17] 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [17] 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [18] 2017-04-28 08:14:03 : [scan.registry] - Found gplyra 2017-04-28 08:14:03 : [scan.registry] - Found gplyra 2017-04-28 08:14:03 : [scan.registry] - Found gplyra 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [18] 2017-04-28 08:14:03 : [scan] - Progress: 86% 2017-04-28 08:14:03 : [scan.registry] - Starting registry scan [19] 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP 2017-04-28 08:14:03 : [scan.registry] - Found 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:14:03 : [scan.registry] - Found HKEY_CLASSES_ROOT\.qmgc 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ArcherGroupEx 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Services\Themes DependOnService 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubedZLGroupEx 2017-04-28 08:14:03 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubZLGroEx 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-28 08:14:03 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-28 08:14:03 : [scan.registry] - Stopping registry scan [19] 2017-04-28 08:14:03 : [scan] - Progress: 88% 2017-04-28 08:14:03 : [scan.registry] - 142 malicious registry element found 2017-04-28 08:14:03 : [scan] - Progress: 90% 
2017-04-28 08:14:03 : [main] - Firefox is installed: True 2017-04-28 08:14:03 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-28 08:14:05 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\Extensions\arthurj8283@gmail.com 2017-04-28 08:14:05 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:14:06 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:14:08 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:14:08 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-28 08:14:08 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\nice.xml 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\mylucky123.xml 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\yahoo! 
powered search.xml 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\amisites.xml 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\startpageing123.xml 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\luck.xml 2017-04-28 08:14:08 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\ourluckysites.xml 2017-04-28 08:14:09 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-28 08:14:09 : [scan] - Progress: 92% 2017-04-28 08:14:09 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-28 08:14:09 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\prefs.js 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.search.selectedEngine" - "Yahoo! Powered Search" 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.search.searchengine.url" - "http://www.luckysearch123.com/search.php?type=ds&ts=1489036179&from=5fdc0308&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=089d55749609940b66ce91dgfz3b3t8eac6qegfqam&q={searchTerms}" 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.search.defaultenginename" - "Yahoo! 
Powered Search" 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.newtab.url" - "http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz" 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.search.order.1" - "nice" 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.search.searchengine.iconURL" - "http://www.luckysearch123.com/favicon.ico?t=1" 2017-04-28 08:14:09 : [scan.firefox] - Found "browser.startup.homepage" - "https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro" 2017-04-28 08:14:09 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\user.js 2017-04-28 08:14:09 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:14:09 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:14:09 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:14:09 : [scan] - Progress: 94% 2017-04-28 08:14:09 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-28 08:14:09 : [scan.firefox] - 7 malicious Firefox preferences found 2017-04-28 08:14:09 : [scan] - Progress: 95% 2017-04-28 08:14:09 : [main] - Chrome is installed: True 2017-04-28 08:14:09 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-28 08:14:10 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:14:10 : [scan.chromium] - Found 
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:14:10 : [scan.chromium] - Found HKCU64\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:14:10 : [scan.chromium] - Found HKLM64\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:14:10 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-28 08:14:10 : [scan] - Progress: 97% 2017-04-28 08:14:10 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-28 08:14:10 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:14:10 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-28 08:14:10 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] uk.ask.com 2017-04-28 08:14:10 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] yessearches 2017-04-28 08:14:10 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] mylucky123 2017-04-28 08:14:10 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] nice 2017-04-28 08:14:10 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] ourluckysites 2017-04-28 08:14:10 : [scan.chromium] - Closing C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-28 08:14:10 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-28 08:14:12 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [startup_urls] 
http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-28 08:14:12 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [favicon_url] http://www.mylucky123.com/searchfavicon.ico 2017-04-28 08:14:12 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:14:12 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Homepage] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-28 08:14:12 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:14:12 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:14:12 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:14:12 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:14:12 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:14:12 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-28 08:14:12 : [scan] - Progress: 99% 2017-04-28 08:14:12 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-28 08:14:12 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-28 08:14:12 : [scan.chromium] - 9 malicious Chromium preferences elements found 2017-04-28 08:14:12 : [scan] - Progress: 100% 2017-04-28 08:14:12 : [scan] - Stopping scan 2017-04-28 08:14:39 : [main.com] - COM Error: 80020009 - Exception occurred. 
2017-04-28 08:14:39 : [main.stats] - Error while sending stats 2017-04-28 08:17:01 : [main.gui] - Showing Report window 2017-04-28 08:20:30 : [main.gui] - Showing Report window 2017-04-28 08:20:46 : [main.gui] - Showing Report window 2017-04-28 08:21:35 : [main.gui] - Clean requested 2017-04-28 08:21:37 : [main.gui] - Killing all processes 2017-04-28 08:21:37 : [main] - Killing [System Process](0) 2017-04-28 08:21:37 : [main] - Killing System(4) 2017-04-28 08:21:37 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - services.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - WmiPrvSE.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 
2017-04-28 08:21:37 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - LMS.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - winlogon.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - dwm.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - explorer.exe - (4) not killed - whitelisted 2017-04-28 08:21:37 : [main] - Killing HPSIsvc.exe(4904) 2017-04-28 08:21:37 : [main] - Killing Allhair.exe(2788) 2017-04-28 08:21:37 : [main] - Killing UvConverter.exe(2800) 2017-04-28 08:21:37 : [main] - Killing SearchIndexer.exe(2728) 2017-04-28 08:21:37 : [main] - Killing sppsvc.exe(2372) 2017-04-28 08:21:37 : [main] - SppExtComObj.Exe - (2372) not killed - whitelisted 2017-04-28 08:21:37 : [main] - Killing slui.exe(2252) 2017-04-28 08:21:37 : [main] - Killing nvvsvc.exe(3968) 2017-04-28 08:21:37 : [main] - Killing nvxdsync.exe(1752) 2017-04-28 08:21:37 : [main] - Killing nvvsvc.exe(3588) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(4472) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(972) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(1200) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - adwcleaner_6.046.exe - (0) not killed - whitelisted 2017-04-28 08:21:37 : [main] - Killing dllhost.exe(4020) 2017-04-28 08:21:37 : [main] - Killing chrome.exe(0) 2017-04-28 08:21:37 : [main] - Killing slui.exe(4632) 2017-04-28 08:21:37 : [quarantine] - Quarantine database successfully opened 2017-04-28 08:21:37 : [clean] - Progress: 0% 2017-04-28 08:21:37 : [clean.services] - Starting services clean 2017-04-28 08:21:37 : [clean.services] - 
Nothing to clean. 2017-04-28 08:21:37 : [clean.services] - Stopping services clean 2017-04-28 08:21:37 : [clean] - Progress: 10% 2017-04-28 08:21:37 : [clean.folders] - Starting folders clean 2017-04-28 08:35:29 : INFO [main] - >>>> STARTING <<<< 2017-04-28 08:35:29 : INFO [main] - Version: 6.046 2017-04-28 08:35:29 : INFO [main] - RAM Usage: 41 2017-04-28 08:35:29 : INFO [main] - OS: WIN_81 X64 2017-04-28 08:35:29 : [main.language] - Checking the language 2017-04-28 08:35:29 : [main.language] - Language found: en 2017-04-28 08:35:29 : [main.network] - Checking the network connectivity 2017-04-28 08:35:29 : [main.network] - Network connectivity status: True 2017-04-28 08:35:29 : [main.eula] - Checking for EULA agreement 2017-04-28 08:35:29 : [main.network] - Check for updates 2017-04-28 08:35:29 : [main.network] - Requesting the last release number 2017-04-28 08:35:31 : [main.network] - The current version is up-to-date 2017-04-28 08:35:31 : [main.gui] - GUI setup 2017-04-28 08:35:31 : [main.gui] - Languages setup 2017-04-28 08:35:31 : [main] - Chrome is installed: True 2017-04-28 08:35:31 : [main] - Firefox is installed: True 2017-04-28 08:35:32 : [main.gui] - Showing the gui 2017-04-28 08:35:36 : [main.gui] - Showing Options window 2017-04-28 08:35:45 : [main] - Saving current options to the configuration file 2017-04-28 08:35:46 : [main.gui] - Scan requested 2017-04-28 08:35:46 : [scan] - Running from: C:\AdwCleaner 2017-04-28 08:35:46 : [scan] - Progress: 0% 2017-04-28 08:35:46 : [database] - Using local database 2017-04-28 08:35:46 : [scan] - Progress: 5% 2017-04-28 08:35:46 : [database] - Initialize the database 2017-04-28 08:35:46 : [database] - Loading sqlite3.dll 2017-04-28 08:35:46 : [database] - Opening the database 2017-04-28 08:35:46 : [database] - Querying database's version 2017-04-28 08:35:46 : [database] - Loading internal data 2017-04-28 08:35:46 : [database] - Loading detections 2017-04-28 08:35:49 : [database] - Loading generics 2017-04-28 
08:35:49 : [database] - Closing the database 2017-04-28 08:35:49 : [database] - Closing database 2017-04-28 08:35:49 : [database] - Unloading sqlite3.dll 2017-04-28 08:35:49 : [scan] - Progress: 15% 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [1] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [2] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [3] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [4] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [5] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [6] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [7] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [8] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [9] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [10] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [11] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [12] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [13] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [14] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [15] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [16] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [17] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [18] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [19] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [20] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [21] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [22] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [23] 2017-04-28 08:35:49 : [scan.generic] - 
Generating generic detections [24] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [25] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [26] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [27] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [28] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [29] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [30] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [31] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [32] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [33] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [34] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [35] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [36] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [37] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [38] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [39] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [40] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [41] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [42] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [43] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [44] 2017-04-28 08:35:49 : [scan.generic] - Generating generic detections [45] 2017-04-28 08:35:49 : [scan.generic] - Generic detections generated 2017-04-28 08:35:49 : [scan] - Progress: 20% 2017-04-28 08:35:49 : [scan.generic] - Starting generic analysis 2017-04-28 08:35:50 : [scan.generic] - Found e2903e0f6f7551838556f4481716e1e5.sys 2017-04-28 08:35:50 : [scan.generic] - Found Browser Updater Task(Core) 2017-04-28 08:35:50 : [scan] - Progress: 30% 2017-04-28 08:35:50 : 
[scan.services] - Starting services scan [1] 2017-04-28 08:35:50 : [scan.registry] - Found winzipersvc 2017-04-28 08:35:50 : [scan.registry] - Found winzipersvc 2017-04-28 08:35:50 : [scan.registry] - Found qkseeService 2017-04-28 08:35:50 : [scan.registry] - Found qkseeService 2017-04-28 08:35:50 : [scan.registry] - Found ByteFenceService 2017-04-28 08:35:50 : [scan.registry] - Found ByteFenceService 2017-04-28 08:35:51 : [scan.registry] - Found WinSnare 2017-04-28 08:35:51 : [scan.registry] - Found WinSnare 2017-04-28 08:35:51 : [scan.registry] - Found SNARER 2017-04-28 08:35:51 : [scan.registry] - Found SNARER 2017-04-28 08:35:51 : [scan.registry] - Found SNARE 2017-04-28 08:35:51 : [scan.registry] - Found SNARE 2017-04-28 08:35:51 : [scan.services] - Stopping services scan [1] 2017-04-28 08:35:51 : [scan.services] - Starting services scan [2] 2017-04-28 08:35:51 : [scan.services] - Stopping services scan [2] 2017-04-28 08:35:51 : [scan.services] - 0 malicious services found 2017-04-28 08:35:51 : [scan] - Progress: 40% 2017-04-28 08:35:51 : [scan.folders] - Starting folders scan 2017-04-28 08:35:51 : [scan.folders] - Found C:\USERs\USER\AppData\Local\Coldmay 2017-04-28 08:35:51 : [scan.folders] - Found C:\USERs\USER\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} 2017-04-28 08:35:51 : [scan.folders] - Found C:\USERs\USER\AppData\Local\SNARER 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\cpuminer 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\ImageCropResize 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinZiper 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\gplyra 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Tencent 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSAPSvc 2017-04-28 08:35:52 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSnare 2017-04-28 08:35:52 : 
[scan.folders] - Found C:\USERs\USER\AppData\Roaming\Kyubey 2017-04-28 08:35:54 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage 2017-04-28 08:35:54 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2017-04-28 08:35:54 : [scan.folders] - Found C:\Program Files\ByteFence 2017-04-28 08:35:55 : [scan.folders] - Found C:\Program Files\Plumbytes Software 2017-04-28 08:35:55 : [scan.folders] - Found C:\Program Files\Common Files\Tencent 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\TXQMPC 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\QQBrowser 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Tencent 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\ChelfNotify 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Allhair 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\ytd video downloader 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\WinSAPSvc 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\BaofengUpdate_U 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Redjane 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\chelfnotify 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\gjcfj 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\jcfjc 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\TXQMPC 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\QQBrowser 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\Tencent 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\ChelfNotify 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\Allhair 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\ytd video downloader 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\WinSAPSvc 
2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\BaofengUpdate_U 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\Redjane 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\chelfnotify 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\gjcfj 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Application Data\jcfjc 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware 2017-04-28 08:35:56 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2017-04-28 08:35:57 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\GreenTree Applications 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\WinZipper 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\TData 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\CleanBrowser 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\QQBrowser 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\HomePageDefender 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\yesbnd 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\TXQQBrowser 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Tencent 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\WinSaber 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\winsaber 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Allhair 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\InterHop 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\WinArcher 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\UvConverter 2017-04-28 08:35:57 : 
[scan.folders] - Found C:\Program Files (x86)\winarcher 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Gubed 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Gub 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\BikaQRssReader 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Skusenzecult 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\bilibili 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\BikaQRss 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Coldmay 2017-04-28 08:35:57 : [scan.folders] - Found C:\Program Files (x86)\Common Files\Tencent 2017-04-28 08:35:59 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent 2017-04-28 08:35:59 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule 2017-04-28 08:35:59 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\Public\Documents\dmp 2017-04-28 08:36:00 : [scan.folders] - Found C:\Program Files (x86)\Firefox 2017-04-28 08:36:00 : [scan.folders] - Found C:\ProgramData\WinTools 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\WinSnare 2017-04-28 08:36:00 : [scan.folders] - Found C:\Program Files (x86)\reports 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\Firefox 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\USER\AppData\Local\Firefox 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\clean 2017-04-28 08:36:00 : [scan.folders] - Found C:\UPDATE\PSGO 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\USER\AppData\Local\SNARE 2017-04-28 08:36:00 : [scan.folders] - Found C:\Users\USER\AppData\Local\Kitty 2017-04-28 08:36:00 : [scan.folders] - Found C:\Windows\Update\psgo 2017-04-28 08:36:00 : [scan.folders] - 
Stopping folders scan 2017-04-28 08:36:00 : [scan.folders] - 82 malicious folders found 2017-04-28 08:36:00 : [scan] - Progress: 50% 2017-04-28 08:36:00 : [scan.files] - Starting files scan 2017-04-28 08:36:01 : [scan.files] - Found C:\Windows\SysNative\log\iSafeKrnlCall.log 2017-04-28 08:36:01 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys 2017-04-28 08:36:01 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeNetFilter.sys 2017-04-28 08:36:01 : [scan.files] - Found C:\Windows\SysNative\drivers\TFsFltX64.sys 2017-04-28 08:36:01 : [scan.files] - Found C:\Windows\SysNative\drivers\TAOKernelEx64.sys 2017-04-28 08:36:01 : [scan.files] - Found C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-04-28 08:36:02 : [scan.files] - Found C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL 2017-04-28 08:36:02 : [scan.files] - Found C:\Program Files (x86)\settings.dat 2017-04-28 08:36:02 : [scan.files] - Found C:\Users\Public\Documents\cfg.ini 2017-04-28 08:36:02 : [scan.files] - Found C:\Users\Public\Documents\cc.ini 2017-04-28 08:36:02 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-28 08:36:02 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-04-28 08:36:02 : [scan.files] - Found C:\Users\Public\Desktop\FLV Player.lnk 2017-04-28 08:36:02 : [scan.files] - Found C:\Users\USER\AppData\Local\AMD\amd.exe 2017-04-28 08:36:02 : [scan.files] - Stopping files scan 2017-04-28 08:36:02 : [scan.files] - 15 malicious files found 2017-04-28 08:36:02 : [scan] - Progress: 55% 2017-04-28 08:36:02 : [scan.dll] - Starting DLL scan 2017-04-28 08:36:02 : [scan.dll] - Stopping DLL scan 2017-04-28 08:36:02 : [scan.dll] - 0 malicious DLL found 2017-04-28 08:36:02 : [scan] - Progress: 60% 2017-04-28 08:36:02 : [scan.wmi] - Starting WMI scan 2017-04-28 08:36:02 : [scan.wmi] - Stopping WMI scan 2017-04-28 08:36:02 : [scan.wmi] - 0 malicious WMI found 2017-04-28 08:36:02 : [scan] - Progress: 65% 2017-04-28 08:36:02 : [scan.shortcuts] 
- Starting shortcuts scan 2017-04-28 08:36:02 : [scan.shortcuts] - Found C:\USERs\USER\Desktop\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:36:02 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [http://www.mylucky123.com/?type=sc&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:36:02 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-04-28 08:36:02 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-28 08:36:02 : [scan.shortcuts] - 3 malicious shortcuts found 2017-04-28 08:36:02 : [scan] - Progress: 70% 2017-04-28 08:36:02 : [scan.tasks] - Starting tasks scan 2017-04-28 08:36:03 : [scan.tasks] - Found ByteFence 2017-04-28 08:36:03 : [scan.tasks] - Found ByteFence Scan 2017-04-28 08:36:03 : [scan.tasks] - Found Browser Updater Task(Core) 2017-04-28 08:36:03 : [scan.tasks] - Found WinTOOL 2017-04-28 08:36:03 : [scan.tasks] - Found Milimili 2017-04-28 08:36:03 : [scan.tasks] - Found RedjaneUpdateTaskMachineUA 2017-04-28 08:36:03 : [scan.tasks] - Found RedjaneUpdateTaskMachineCore 2017-04-28 08:36:03 : [scan.tasks] - Found Windows-PG 2017-04-28 08:36:03 : [scan.tasks] - Stopping tasks scan 2017-04-28 08:36:03 : [scan.tasks] - 9 malicious tasks found 2017-04-28 08:36:03 : [scan] - Progress: 75% 2017-04-28 08:36:03 : [scan.registry] - Starting registry scan [1] 2017-04-28 08:36:08 : [scan.registry] - Stopping registry scan [1] 2017-04-28 08:36:08 : [scan.registry] - Starting registry scan [2] 
2017-04-28 08:36:09 : [scan.registry] - Found {51BEE30D-EEC8-4BA3-930B-298B8E759EB1} 2017-04-28 08:36:09 : [scan.registry] - Found 3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-28 08:36:09 : [scan.registry] - Found {70DE12EA-79F4-46BC-9812-86DB50A2FD64} 2017-04-28 08:36:09 : [scan.registry] - Found {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} 2017-04-28 08:36:09 : [scan.registry] - Found {E7270EC6-0113-4A78-B610-E501D0A9E48E} 2017-04-28 08:36:09 : [scan.registry] - Found {357D32FC-F0AE-4B37-B36F-D44AA31496F5} 2017-04-28 08:36:09 : [scan.registry] - Found {80B3B43F-7508-4627-BE66-00FB9AE5EE72} 2017-04-28 08:36:10 : [scan.registry] - Found {5A83D7C9-4A14-4000-BC05-389268238753} 2017-04-28 08:36:10 : [scan.registry] - Found {29B6CFD5-0064-411A-8C42-9890C83F9921} 2017-04-28 08:36:16 : [scan.registry] - Stopping registry scan [2] 2017-04-28 08:36:16 : [scan.registry] - Starting registry scan [3] 2017-04-28 08:36:16 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:36:16 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:36:17 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:36:17 : [scan.registry] - Found WajIEnhance 2017-04-28 08:36:17 : [scan.registry] - Found csastats 2017-04-28 08:36:17 : [scan.registry] - Found WinSnare 2017-04-28 08:36:17 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:36:17 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:36:18 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:36:18 : [scan.registry] - Found WajIEnhance 2017-04-28 08:36:18 : [scan.registry] - Found csastats 2017-04-28 08:36:18 : [scan.registry] - Found WinSnare 2017-04-28 08:36:18 : [scan.registry] - Found ByteFence 2017-04-28 08:36:18 : [scan.registry] - Found hdcode 2017-04-28 08:36:18 : [scan.registry] - Found yessearchesSoftware 2017-04-28 08:36:18 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:36:18 : [scan.registry] - Found 
Social2Sear 2017-04-28 08:36:18 : [scan.registry] - Found {E6276374-DE18-4AA5-A365-9016A2F98A2D} 2017-04-28 08:36:18 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:36:18 : [scan.registry] - Found ScreenShot 2017-04-28 08:36:18 : [scan.registry] - Found WinZiper 2017-04-28 08:36:18 : [scan.registry] - Found WinSaberSvc 2017-04-28 08:36:18 : [scan.registry] - Found InterHop 2017-04-28 08:36:18 : [scan.registry] - Found WinArcher 2017-04-28 08:36:18 : [scan.registry] - Found amule-custom 2017-04-28 08:36:18 : [scan.registry] - Found mylucky123Software 2017-04-28 08:36:18 : [scan.registry] - Found UvConverter 2017-04-28 08:36:18 : [scan.registry] - Found UvConv 2017-04-28 08:36:18 : [scan.registry] - Found ourluckysitesSoftware 2017-04-28 08:36:18 : [scan.registry] - Found ByteFence 2017-04-28 08:36:18 : [scan.registry] - Found {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} 2017-04-28 08:36:18 : [scan.registry] - Found {A0275D4F-FFAB-4A42-9874-B871B1C4CA3D} 2017-04-28 08:36:18 : [scan.registry] - Found {19539992-061C-4E8B-9053-07B175303AF4} 2017-04-28 08:36:18 : [scan.registry] - Found Corner Sunshine 2017-04-28 08:36:19 : [scan.registry] - Found PRODUCTSETUP 2017-04-28 08:36:19 : [scan.registry] - Found WajIEnhance 2017-04-28 08:36:19 : [scan.registry] - Found csastats 2017-04-28 08:36:19 : [scan.registry] - Found WinSnare 2017-04-28 08:36:19 : [scan.registry] - Found ByteFence 2017-04-28 08:36:19 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-04-28 08:36:19 : [scan.registry] - Found Social2Sear 2017-04-28 08:36:19 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-04-28 08:36:19 : [scan.registry] - Found InterSect Alliance 2017-04-28 08:36:19 : [scan.registry] - Found Corner Sunshine 2017-04-28 08:36:19 : [scan.registry] - Stopping registry scan [3] 2017-04-28 08:36:19 : [scan] - Progress: 80% 2017-04-28 08:36:19 : [scan.registry] - Starting registry scan [4] 2017-04-28 08:36:19 : [scan.registry] - 
Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:36:19 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:36:19 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:36:19 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:36:19 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:36:19 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:36:19 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:36:19 : [scan.registry] - Found B68CE107A2DED706DC47D6BC4BF3C4C1 2017-04-28 08:36:19 : [scan.registry] - Found 9C767D9D7BB3F9C4B839FF09B6C80DCF 2017-04-28 08:36:19 : [scan.registry] - Found 4EE2F0310EBEC29A0C48C035C43786AA 2017-04-28 08:36:19 : [scan.registry] - Found 4B2A47D6F1D42DD81A292C027724D291 2017-04-28 08:36:19 : [scan.registry] - Found 02C076B2283AB74D88D5E4D34BC497FF 2017-04-28 08:36:19 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:36:19 : [scan.registry] - Found FFA0118CE95AE0D70F14E7E8A72452C8 2017-04-28 08:36:19 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:36:19 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:36:19 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-04-28 08:36:19 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:36:19 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:36:19 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-04-28 08:36:19 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-04-28 08:36:19 : [scan.registry] - Stopping registry scan [4] 2017-04-28 08:36:19 : [scan.registry] - Starting registry scan [5] 2017-04-28 08:36:20 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:36:20 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL 
http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:36:20 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:36:20 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:36:20 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:36:20 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-04-28 08:36:20 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-04-28 08:36:20 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [5] 2017-04-28 08:36:20 : [scan] - Progress: 82% 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [6] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [6] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [7] 2017-04-28 08:36:20 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:36:20 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:36:20 : [scan.registry] - Found HKU\S-1-5-21-164198420-4263444884-1301349549-1001\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:36:20 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:36:20 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:36:20 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:36:20 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\ 2017-04-28 08:36:20 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:36:20 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:36:20 : [scan.registry] - Found HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:36:20 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-04-28 08:36:20 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-04-28 08:36:20 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [7] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [8] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [8] 2017-04-28 08:36:20 : [scan] - Progress: 84% 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [9] 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-28 08:36:20 : [scan.registry] - Found HKLM64\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [9] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [10] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [10] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [11] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [11] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [12] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [12] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [13] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [13] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [14] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [14] 
2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [15] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [15] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [16] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [16] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [17] 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [17] 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [18] 2017-04-28 08:36:20 : [scan.registry] - Found gplyra 2017-04-28 08:36:20 : [scan.registry] - Found gplyra 2017-04-28 08:36:20 : [scan.registry] - Found gplyra 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [18] 2017-04-28 08:36:20 : [scan] - Progress: 86% 2017-04-28 08:36:20 : [scan.registry] - Starting registry scan [19] 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:36:20 : [scan.registry] - Found HKEY_CLASSES_ROOT\.qmgc 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan 2017-04-28 
08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ArcherGroupEx 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Services\Themes DependOnService 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubedZLGroupEx 2017-04-28 08:36:20 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubZLGroEx 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-28 08:36:20 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-28 08:36:20 : [scan.registry] - Stopping registry scan [19] 2017-04-28 08:36:20 : [scan] - Progress: 88% 2017-04-28 08:36:20 : [scan.registry] - 142 malicious registry element found 2017-04-28 08:36:20 : [scan] - Progress: 90% 2017-04-28 08:36:20 : [main] - Firefox is installed: True 2017-04-28 08:36:20 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-28 08:36:22 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\Extensions\arthurj8283@gmail.com 2017-04-28 08:36:22 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:36:23 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:36:25 : [scan.firefox] - Found 
HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-04-28 08:36:25 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-28 08:36:25 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\nice.xml 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\mylucky123.xml 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\yahoo! powered search.xml 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\amisites.xml 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\startpageing123.xml 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\luck.xml 2017-04-28 08:36:25 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\ourluckysites.xml 2017-04-28 08:36:25 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-28 08:36:25 : [scan] - Progress: 92% 2017-04-28 08:36:25 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-28 08:36:25 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\prefs.js 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.search.selectedEngine" - "Yahoo! 
Powered Search" 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.search.searchengine.url" - "http://www.luckysearch123.com/search.php?type=ds&ts=1489036179&from=5fdc0308&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=089d55749609940b66ce91dgfz3b3t8eac6qegfqam&q={searchTerms}" 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.search.defaultenginename" - "Yahoo! Powered Search" 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.newtab.url" - "http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz" 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.search.order.1" - "nice" 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.search.searchengine.iconURL" - "http://www.luckysearch123.com/favicon.ico?t=1" 2017-04-28 08:36:25 : [scan.firefox] - Found "browser.startup.homepage" - "https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro" 2017-04-28 08:36:25 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\user.js 2017-04-28 08:36:25 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:36:25 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:36:25 : [scan.firefox] - No profile to scan, skipping 2017-04-28 08:36:25 : [scan] - Progress: 94% 2017-04-28 08:36:25 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-28 08:36:25 : [scan.firefox] - 7 malicious Firefox preferences 
found 2017-04-28 08:36:25 : [scan] - Progress: 95% 2017-04-28 08:36:25 : [main] - Chrome is installed: True 2017-04-28 08:36:25 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-28 08:36:26 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:36:26 : [scan.chromium] - Found HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:36:26 : [scan.chromium] - Found HKCU64\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:36:26 : [scan.chromium] - Found HKLM64\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:36:27 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-28 08:36:27 : [scan] - Progress: 97% 2017-04-28 08:36:27 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-28 08:36:27 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:36:27 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-28 08:36:27 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] uk.ask.com 2017-04-28 08:36:27 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] yessearches 2017-04-28 08:36:27 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] mylucky123 2017-04-28 08:36:27 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] nice 2017-04-28 08:36:27 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] ourluckysites 2017-04-28 08:36:27 : [scan.chromium] - Closing C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-28 08:36:27 : 
[scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-28 08:36:28 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [startup_urls] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-28 08:36:28 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [favicon_url] http://www.mylucky123.com/searchfavicon.ico 2017-04-28 08:36:28 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-28 08:36:28 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Homepage] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-04-28 08:36:28 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:36:28 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:36:28 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:36:28 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:36:28 : [scan.chromium] - No profile to scan, skipping 2017-04-28 08:36:28 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-28 08:36:28 : [scan] - Progress: 99% 2017-04-28 08:36:28 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-28 08:36:28 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-28 08:36:28 : [scan.chromium] - 9 malicious Chromium preferences elements found 2017-04-28 08:36:28 : [scan] - Progress: 100% 2017-04-28 08:36:28 : [scan] - Stopping scan 2017-04-28 08:39:15 : [main.gui] - Clean requested 2017-04-28 08:39:16 : [main.gui] - 
Killing all processes 2017-04-28 08:39:16 : [main] - Killing [System Process](0) 2017-04-28 08:39:16 : [main] - Killing System(4) 2017-04-28 08:39:16 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - services.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - WmiPrvSE.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - LMS.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - winlogon.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] 
- dwm.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - explorer.exe - (4) not killed - whitelisted 2017-04-28 08:39:16 : [main] - Killing HPSIsvc.exe(4800) 2017-04-28 08:39:16 : [main] - Killing Allhair.exe(4568) 2017-04-28 08:39:16 : [main] - Killing UvConverter.exe(3776) 2017-04-28 08:39:16 : [main] - Killing SearchIndexer.exe(4816) 2017-04-28 08:39:16 : [main] - Killing nvvsvc.exe(3500) 2017-04-28 08:39:17 : [main] - Killing nvxdsync.exe(600) 2017-04-28 08:39:17 : [main] - Killing nvvsvc.exe(3656) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(4180) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(2236) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing chrome.exe(0) 2017-04-28 08:39:17 : [main] - Killing GoogleCrashHandler.exe(4508) 2017-04-28 08:39:17 : [main] - Killing GoogleCrashHandler64.exe(1280) 2017-04-28 08:39:17 : [main] - Killing taskeng.exe(1092) 2017-04-28 08:39:17 : [main] - adwcleaner_6.046.exe - (1092) not killed - whitelisted 2017-04-28 08:39:17 : [main] - Killing dllhost.exe(3284) 2017-04-28 08:39:17 : [quarantine] - Quarantine database successfully opened 2017-04-28 08:39:17 : [clean] - Progress: 0% 2017-04-28 08:39:17 : [clean.services] - Starting services clean 2017-04-28 08:39:17 : [clean.services] - Nothing to clean. 
2017-04-28 08:39:17 : [clean.services] - Stopping services clean 2017-04-28 08:39:17 : [clean] - Progress: 10% 2017-04-28 08:39:17 : [clean.folders] - Starting folders clean 2017-05-04 08:24:14 : INFO [main] - >>>> STARTING <<<< 2017-05-04 08:24:14 : INFO [main] - Version: 6.046 2017-05-04 08:24:14 : INFO [main] - RAM Usage: 39 2017-05-04 08:24:14 : INFO [main] - OS: WIN_81 X64 2017-05-04 08:24:14 : [main.language] - Checking the language 2017-05-04 08:24:14 : [main.language] - Language found: en 2017-05-04 08:24:14 : [main.network] - Checking the network connectivity 2017-05-04 08:24:14 : [main.network] - Network connectivity status: True 2017-05-04 08:24:14 : [main.eula] - Checking for EULA agreement 2017-05-04 08:24:14 : [main.network] - Check for updates 2017-05-04 08:24:14 : [main.network] - Requesting the last release number 2017-05-04 08:24:18 : [main.network] - The current version is up-to-date 2017-05-04 08:24:18 : [main.gui] - GUI setup 2017-05-04 08:24:18 : [main.gui] - Languages setup 2017-05-04 08:24:18 : [main] - Chrome is installed: True 2017-05-04 08:24:18 : [main] - Firefox is installed: True 2017-05-04 08:24:18 : [main.gui] - Showing the gui 2017-05-04 08:24:20 : [main.gui] - Scan requested 2017-05-04 08:24:20 : [scan] - Running from: C:\AdwCleaner 2017-05-04 08:24:20 : [scan] - Progress: 0% 2017-05-04 08:24:20 : [database] - Using local database 2017-05-04 08:24:20 : [scan] - Progress: 5% 2017-05-04 08:24:20 : [database] - Initialize the database 2017-05-04 08:24:20 : [database] - Loading sqlite3.dll 2017-05-04 08:24:20 : [database] - Opening the database 2017-05-04 08:24:20 : [database] - Querying database's version 2017-05-04 08:24:20 : [database] - Loading internal data 2017-05-04 08:24:20 : [database] - Loading detections 2017-05-04 08:24:24 : [database] - Loading generics 2017-05-04 08:24:24 : [database] - Closing the database 2017-05-04 08:24:24 : [database] - Closing database 2017-05-04 08:24:24 : [database] - Unloading sqlite3.dll 
2017-05-04 08:24:24 : [scan] - Progress: 15% 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [1] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [2] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [3] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [4] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [5] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [6] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [7] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [8] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [9] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [10] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [11] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [12] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [13] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [14] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [15] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [16] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [17] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [18] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [19] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [20] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [21] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [22] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [23] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [24] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [25] 2017-05-04 08:24:24 : [scan.generic] - 
Generating generic detections [26] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [27] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [28] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [29] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [30] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [31] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [32] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [33] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [34] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [35] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [36] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [37] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [38] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [39] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [40] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [41] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [42] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [43] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [44] 2017-05-04 08:24:24 : [scan.generic] - Generating generic detections [45] 2017-05-04 08:24:24 : [scan.generic] - Generic detections generated 2017-05-04 08:24:24 : [scan] - Progress: 20% 2017-05-04 08:24:24 : [scan.generic] - Starting generic analysis 2017-05-04 08:24:34 : [scan.generic] - Found e2903e0f6f7551838556f4481716e1e5.sys 2017-05-04 08:24:34 : [scan.generic] - Found Browser Updater Task(Core) 2017-05-04 08:24:35 : [scan] - Progress: 30% 2017-05-04 08:24:35 : [scan.services] - Starting services scan [1] 2017-05-04 08:24:35 : [scan.registry] - Found winzipersvc 2017-05-04 08:24:35 : [scan.registry] - Found 
winzipersvc 2017-05-04 08:24:35 : [scan.registry] - Found qkseeService 2017-05-04 08:24:35 : [scan.registry] - Found qkseeService 2017-05-04 08:24:35 : [scan.registry] - Found ByteFenceService 2017-05-04 08:24:35 : [scan.registry] - Found ByteFenceService 2017-05-04 08:24:35 : [scan.registry] - Found WinSnare 2017-05-04 08:24:35 : [scan.registry] - Found WinSnare 2017-05-04 08:24:35 : [scan.registry] - Found SNARER 2017-05-04 08:24:35 : [scan.registry] - Found SNARER 2017-05-04 08:24:35 : [scan.registry] - Found SNARE 2017-05-04 08:24:35 : [scan.registry] - Found SNARE 2017-05-04 08:24:35 : [scan.services] - Stopping services scan [1] 2017-05-04 08:24:35 : [scan.services] - Starting services scan [2] 2017-05-04 08:24:36 : [scan.services] - Found SNARE 2017-05-04 08:24:36 : [scan.services] - Stopping services scan [2] 2017-05-04 08:24:36 : [scan.services] - 1 malicious services found 2017-05-04 08:24:36 : [scan] - Progress: 40% 2017-05-04 08:24:36 : [scan.folders] - Starting folders scan 2017-05-04 08:24:37 : [scan.folders] - Found C:\USERs\USER\AppData\Local\Coldmay 2017-05-04 08:24:37 : [scan.folders] - Found C:\USERs\USER\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} 2017-05-04 08:24:37 : [scan.folders] - Found C:\USERs\USER\AppData\Local\SNARER 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\cpuminer 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\ImageCropResize 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinZiper 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\gplyra 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Tencent 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSAPSvc 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSnare 2017-05-04 08:24:39 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Kyubey 2017-05-04 08:24:41 : [scan.folders] - Found 
C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage 2017-05-04 08:24:41 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2017-05-04 08:24:42 : [scan.folders] - Found C:\Program Files\ByteFence 2017-05-04 08:24:42 : [scan.folders] - Found C:\Program Files\Plumbytes Software 2017-05-04 08:24:43 : [scan.folders] - Found C:\Program Files\Common Files\Tencent 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\TXQMPC 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\QQBrowser 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Tencent 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\ChelfNotify 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Allhair 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\ytd video downloader 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\WinSAPSvc 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\BaofengUpdate_U 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Redjane 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\chelfnotify 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\gjcfj 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\jcfjc 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\TXQMPC 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\QQBrowser 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\Tencent 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\ChelfNotify 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\Allhair 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\ytd video downloader 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\WinSAPSvc 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\BaofengUpdate_U 2017-05-04 
08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\Redjane 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\chelfnotify 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\gjcfj 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Application Data\jcfjc 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2017-05-04 08:24:45 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\GreenTree Applications 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\WinZipper 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\TData 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\CleanBrowser 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\QQBrowser 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\HomePageDefender 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\yesbnd 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\TXQQBrowser 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Tencent 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\WinSaber 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\winsaber 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Allhair 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\InterHop 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\WinArcher 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\UvConverter 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\winarcher 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Gubed 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Gub 2017-05-04 08:24:47 : 
[scan.folders] - Found C:\Program Files (x86)\BikaQRssReader 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Skusenzecult 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\bilibili 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\BikaQRss 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Coldmay 2017-05-04 08:24:47 : [scan.folders] - Found C:\Program Files (x86)\Common Files\Tencent 2017-05-04 08:24:49 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent 2017-05-04 08:24:49 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule 2017-05-04 08:24:50 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\Public\Documents\dmp 2017-05-04 08:24:51 : [scan.folders] - Found C:\Program Files (x86)\Firefox 2017-05-04 08:24:51 : [scan.folders] - Found C:\ProgramData\WinTools 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\WinSnare 2017-05-04 08:24:51 : [scan.folders] - Found C:\Program Files (x86)\reports 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\Firefox 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\USER\AppData\Local\Firefox 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\clean 2017-05-04 08:24:51 : [scan.folders] - Found C:\UPDATE\PSGO 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\USER\AppData\Local\SNARE 2017-05-04 08:24:51 : [scan.folders] - Found C:\Users\USER\AppData\Local\Kitty 2017-05-04 08:24:51 : [scan.folders] - Found C:\Windows\Update\psgo 2017-05-04 08:24:51 : [scan.folders] - Stopping folders scan 2017-05-04 08:24:51 : [scan.folders] - 81 malicious folders found 2017-05-04 08:24:51 : [scan] - Progress: 50% 2017-05-04 08:24:51 : [scan.files] - Starting files scan 2017-05-04 08:24:52 : 
[scan.files] - Found C:\Windows\SysNative\log\iSafeKrnlCall.log 2017-05-04 08:24:53 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys 2017-05-04 08:24:53 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeNetFilter.sys 2017-05-04 08:24:53 : [scan.files] - Found C:\Windows\SysNative\drivers\TFsFltX64.sys 2017-05-04 08:24:53 : [scan.files] - Found C:\Windows\SysNative\drivers\TAOKernelEx64.sys 2017-05-04 08:24:53 : [scan.files] - Found C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-05-04 08:24:54 : [scan.files] - Found C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL 2017-05-04 08:24:54 : [scan.files] - Found C:\Program Files (x86)\settings.dat 2017-05-04 08:24:54 : [scan.files] - Found C:\Users\Public\Documents\cfg.ini 2017-05-04 08:24:54 : [scan.files] - Found C:\Users\Public\Documents\cc.ini 2017-05-04 08:24:54 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-05-04 08:24:54 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-05-04 08:24:54 : [scan.files] - Found C:\Users\Public\Desktop\FLV Player.lnk 2017-05-04 08:24:54 : [scan.files] - Found C:\Users\USER\AppData\Local\AMD\amd.exe 2017-05-04 08:24:54 : [scan.files] - Stopping files scan 2017-05-04 08:24:54 : [scan.files] - 15 malicious files found 2017-05-04 08:24:54 : [scan] - Progress: 55% 2017-05-04 08:24:54 : [scan.dll] - Starting DLL scan 2017-05-04 08:24:55 : [scan.dll] - Stopping DLL scan 2017-05-04 08:24:55 : [scan.dll] - 0 malicious DLL found 2017-05-04 08:24:55 : [scan] - Progress: 60% 2017-05-04 08:24:55 : [scan.wmi] - Starting WMI scan 2017-05-04 08:24:55 : [scan.wmi] - Stopping WMI scan 2017-05-04 08:24:55 : [scan.wmi] - 0 malicious WMI found 2017-05-04 08:24:55 : [scan] - Progress: 65% 2017-05-04 08:24:55 : [scan.shortcuts] - Starting shortcuts scan 2017-05-04 08:24:56 : [scan.shortcuts] - Found C:\USERs\USER\Desktop\chrome.exe - Shortcut (2).lnk 
[http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-05-04 08:24:56 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [http://www.mylucky123.com/?type=sc&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-05-04 08:24:56 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-05-04 08:24:56 : [scan.shortcuts] - Stopping shortcuts scan 2017-05-04 08:24:56 : [scan.shortcuts] - 3 malicious shortcuts found 2017-05-04 08:24:56 : [scan] - Progress: 70% 2017-05-04 08:24:56 : [scan.tasks] - Starting tasks scan 2017-05-04 08:24:56 : [scan.tasks] - Found Browser Updater Task(Core) 2017-05-04 08:24:56 : [scan.tasks] - Found Milimili 2017-05-04 08:24:56 : [scan.tasks] - Found RedjaneUpdateTaskMachineUA 2017-05-04 08:24:56 : [scan.tasks] - Found RedjaneUpdateTaskMachineCore 2017-05-04 08:24:57 : [scan.tasks] - Found Windows-PG 2017-05-04 08:24:57 : [scan.tasks] - Stopping tasks scan 2017-05-04 08:24:57 : [scan.tasks] - 6 malicious tasks found 2017-05-04 08:24:57 : [scan] - Progress: 75% 2017-05-04 08:24:57 : [scan.registry] - Starting registry scan [1] 2017-05-04 08:25:02 : [scan.registry] - Stopping registry scan [1] 2017-05-04 08:25:02 : [scan.registry] - Starting registry scan [2] 2017-05-04 08:25:04 : [scan.registry] - Found {51BEE30D-EEC8-4BA3-930B-298B8E759EB1} 2017-05-04 08:25:04 : [scan.registry] - Found 3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-05-04 08:25:04 : [scan.registry] - Found {70DE12EA-79F4-46BC-9812-86DB50A2FD64} 2017-05-04 08:25:05 : [scan.registry] - 
Found {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} 2017-05-04 08:25:05 : [scan.registry] - Found {E7270EC6-0113-4A78-B610-E501D0A9E48E} 2017-05-04 08:25:05 : [scan.registry] - Found {357D32FC-F0AE-4B37-B36F-D44AA31496F5} 2017-05-04 08:25:05 : [scan.registry] - Found {80B3B43F-7508-4627-BE66-00FB9AE5EE72} 2017-05-04 08:25:05 : [scan.registry] - Found {5A83D7C9-4A14-4000-BC05-389268238753} 2017-05-04 08:25:06 : [scan.registry] - Found {29B6CFD5-0064-411A-8C42-9890C83F9921} 2017-05-04 08:25:17 : [scan.registry] - Stopping registry scan [2] 2017-05-04 08:25:17 : [scan.registry] - Starting registry scan [3] 2017-05-04 08:25:17 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:25:17 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:25:19 : [scan.registry] - Found PRODUCTSETUP 2017-05-04 08:25:19 : [scan.registry] - Found WajIEnhance 2017-05-04 08:25:19 : [scan.registry] - Found csastats 2017-05-04 08:25:19 : [scan.registry] - Found WinSnare 2017-05-04 08:25:20 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:25:20 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:25:21 : [scan.registry] - Found PRODUCTSETUP 2017-05-04 08:25:21 : [scan.registry] - Found WajIEnhance 2017-05-04 08:25:21 : [scan.registry] - Found csastats 2017-05-04 08:25:21 : [scan.registry] - Found WinSnare 2017-05-04 08:25:22 : [scan.registry] - Found hdcode 2017-05-04 08:25:22 : [scan.registry] - Found yessearchesSoftware 2017-05-04 08:25:22 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:25:22 : [scan.registry] - Found Social2Sear 2017-05-04 08:25:22 : [scan.registry] - Found {E6276374-DE18-4AA5-A365-9016A2F98A2D} 2017-05-04 08:25:22 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:25:22 : [scan.registry] - Found ScreenShot 2017-05-04 08:25:22 : [scan.registry] - Found WinZiper 2017-05-04 08:25:22 : [scan.registry] - Found WinSaberSvc 
2017-05-04 08:25:22 : [scan.registry] - Found InterHop 2017-05-04 08:25:22 : [scan.registry] - Found WinArcher 2017-05-04 08:25:22 : [scan.registry] - Found amule-custom 2017-05-04 08:25:22 : [scan.registry] - Found mylucky123Software 2017-05-04 08:25:22 : [scan.registry] - Found UvConverter 2017-05-04 08:25:22 : [scan.registry] - Found UvConv 2017-05-04 08:25:22 : [scan.registry] - Found ourluckysitesSoftware 2017-05-04 08:25:22 : [scan.registry] - Found {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} 2017-05-04 08:25:22 : [scan.registry] - Found {A0275D4F-FFAB-4A42-9874-B871B1C4CA3D} 2017-05-04 08:25:22 : [scan.registry] - Found {19539992-061C-4E8B-9053-07B175303AF4} 2017-05-04 08:25:22 : [scan.registry] - Found Corner Sunshine 2017-05-04 08:25:23 : [scan.registry] - Found PRODUCTSETUP 2017-05-04 08:25:23 : [scan.registry] - Found WajIEnhance 2017-05-04 08:25:23 : [scan.registry] - Found csastats 2017-05-04 08:25:23 : [scan.registry] - Found WinSnare 2017-05-04 08:25:23 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:25:23 : [scan.registry] - Found Social2Sear 2017-05-04 08:25:23 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:25:23 : [scan.registry] - Found InterSect Alliance 2017-05-04 08:25:24 : [scan.registry] - Found Corner Sunshine 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [3] 2017-05-04 08:25:24 : [scan] - Progress: 80% 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [4] 2017-05-04 08:25:24 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:25:24 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:25:24 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:25:24 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:25:24 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:25:24 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:25:24 : 
[scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-05-04 08:25:24 : [scan.registry] - Found B68CE107A2DED706DC47D6BC4BF3C4C1 2017-05-04 08:25:24 : [scan.registry] - Found 9C767D9D7BB3F9C4B839FF09B6C80DCF 2017-05-04 08:25:24 : [scan.registry] - Found 4EE2F0310EBEC29A0C48C035C43786AA 2017-05-04 08:25:24 : [scan.registry] - Found 4B2A47D6F1D42DD81A292C027724D291 2017-05-04 08:25:24 : [scan.registry] - Found 02C076B2283AB74D88D5E4D34BC497FF 2017-05-04 08:25:24 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-05-04 08:25:24 : [scan.registry] - Found FFA0118CE95AE0D70F14E7E8A72452C8 2017-05-04 08:25:24 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:25:24 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:25:24 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-05-04 08:25:24 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:25:24 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:25:24 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:25:24 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [4] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [5] 2017-05-04 08:25:24 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-05-04 08:25:24 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-05-04 08:25:24 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Start Page 
https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-05-04 08:25:24 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [5] 2017-05-04 08:25:24 : [scan] - Progress: 82% 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [6] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [6] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [7] 2017-05-04 08:25:24 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:25:24 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:25:24 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:25:24 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:25:24 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:25:24 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:25:24 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:25:24 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:25:24 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:25:24 : [scan.registry] - Found 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:25:24 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [7] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [8] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [8] 2017-05-04 08:25:24 : [scan] - Progress: 84% 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [9] 2017-05-04 08:25:24 : [scan.registry] - Found HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-05-04 08:25:24 : [scan.registry] - Found HKLM64\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [9] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [10] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [10] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [11] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [11] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [12] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [12] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [13] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [13] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [14] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [14] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [15] 2017-05-04 08:25:24 : [scan.registry] - Stopping registry scan [15] 2017-05-04 08:25:24 : [scan.registry] - Starting registry scan [16] 2017-05-04 08:25:25 : [scan.registry] - Stopping registry scan [16] 2017-05-04 08:25:25 : [scan.registry] - Starting registry scan [17] 2017-05-04 08:25:25 : [scan.registry] - Stopping registry scan [17] 2017-05-04 08:25:25 : 
[scan.registry] - Starting registry scan [18] 2017-05-04 08:25:25 : [scan.registry] - Found gplyra 2017-05-04 08:25:25 : [scan.registry] - Found gplyra 2017-05-04 08:25:25 : [scan.registry] - Found gplyra 2017-05-04 08:25:25 : [scan.registry] - Stopping registry scan [18] 2017-05-04 08:25:25 : [scan] - Progress: 86% 2017-05-04 08:25:25 : [scan.registry] - Starting registry scan [19] 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP 2017-05-04 08:25:25 : [scan.registry] - Found HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:25:25 : [scan.registry] - Found HKEY_CLASSES_ROOT\.qmgc 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:25:25 : [scan.registry] - Found HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ArcherGroupEx 2017-05-04 08:25:25 : [scan.registry] - Found 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Services\Themes DependOnService 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubedZLGroupEx 2017-05-04 08:25:25 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubZLGroEx 2017-05-04 08:25:25 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-05-04 08:25:25 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-05-04 08:25:25 : [scan.registry] - Stopping registry scan [19] 2017-05-04 08:25:25 : [scan] - Progress: 88% 2017-05-04 08:25:25 : [scan.registry] - 123 malicious registry element found 2017-05-04 08:25:25 : [scan] - Progress: 90% 2017-05-04 08:25:25 : [main] - Firefox is installed: True 2017-05-04 08:25:25 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-05-04 08:25:27 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-05-04 08:25:29 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-05-04 08:25:31 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-05-04 08:25:32 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-05-04 08:25:32 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\nice.xml 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\mylucky123.xml 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\yahoo! 
powered search.xml 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\amisites.xml 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\startpageing123.xml 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\luck.xml 2017-05-04 08:25:32 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\ourluckysites.xml 2017-05-04 08:25:32 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-05-04 08:25:32 : [scan] - Progress: 92% 2017-05-04 08:25:32 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-05-04 08:25:32 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\prefs.js 2017-05-04 08:25:32 : [scan.firefox] - Found "browser.search.searchengine.url" - "http://www.luckysearch123.com/search.php?type=ds&ts=1489036179&from=5fdc0308&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=089d55749609940b66ce91dgfz3b3t8eac6qegfqam&q={searchTerms}" 2017-05-04 08:25:32 : [scan.firefox] - Found "browser.search.searchengine.iconURL" - "http://www.luckysearch123.com/favicon.ico?t=1" 2017-05-04 08:25:32 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\user.js 2017-05-04 08:25:32 : [scan.firefox] - No profile to scan, skipping 2017-05-04 08:25:32 : [scan.firefox] - No profile to scan, skipping 2017-05-04 08:25:32 : [scan.firefox] - No profile to scan, skipping 2017-05-04 08:25:32 : [scan] - Progress: 94% 2017-05-04 08:25:32 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-05-04 08:25:32 : [scan.firefox] - 2 malicious Firefox preferences found 2017-05-04 08:25:32 : [scan] - Progress: 95% 2017-05-04 08:25:32 : [main] - Chrome is installed: True 2017-05-04 08:25:32 : 
[scan.chromium] - Starting Chromium based browsers scan [1] 2017-05-04 08:25:34 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:25:34 : [scan.chromium] - Found HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:25:34 : [scan.chromium] - Found HKCU64\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:25:34 : [scan.chromium] - Found HKLM64\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:25:34 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-05-04 08:25:34 : [scan] - Progress: 97% 2017-05-04 08:25:34 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-05-04 08:25:34 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:25:34 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-05-04 08:25:34 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] uk.ask.com 2017-05-04 08:25:34 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] yessearches 2017-05-04 08:25:34 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] mylucky123 2017-05-04 08:25:34 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] nice 2017-05-04 08:25:34 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] ourluckysites 2017-05-04 08:25:34 : [scan.chromium] - Closing C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-05-04 08:25:34 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-05-04 08:25:36 : 
[scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [startup_urls] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-05-04 08:25:36 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [favicon_url] http://www.mylucky123.com/searchfavicon.ico 2017-05-04 08:25:36 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:25:36 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Homepage] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-05-04 08:25:36 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:25:36 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:25:36 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:25:36 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:25:36 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:25:36 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-05-04 08:25:36 : [scan] - Progress: 99% 2017-05-04 08:25:36 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-05-04 08:25:36 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-05-04 08:25:36 : [scan.chromium] - 9 malicious Chromium preferences elements found 2017-05-04 08:25:36 : [scan] - Progress: 100% 2017-05-04 08:25:36 : [scan] - Stopping scan 2017-05-04 08:26:12 : [main.gui] - Clean requested 2017-05-04 08:26:17 : [main.gui] - Killing all processes 2017-05-04 08:26:17 : [main] - Killing [System Process](0) 2017-05-04 08:26:17 : [main] - Killing System(4) 2017-05-04 
08:26:17 : [main] - smss.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - csrss.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - wininit.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - csrss.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - winlogon.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - services.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - lsass.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing nvvsvc.exe(344) 2017-05-04 08:26:17 : [main] - dwm.exe - (344) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing nvxdsync.exe(604) 2017-05-04 08:26:17 : [main] - Killing nvvsvc.exe(624) 2017-05-04 08:26:17 : [main] - svchost.exe - (624) not killed - whitelisted 2017-05-04 08:26:17 : [main] - svchost.exe - (624) not killed - whitelisted 2017-05-04 08:26:17 : [main] - svchost.exe - (624) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing igfxCUIService.exe(1088) 2017-05-04 08:26:17 : [main] - svchost.exe - (1088) not killed - whitelisted 2017-05-04 08:26:17 : [main] - svchost.exe - (1088) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing AvastSvc.exe(1384) 2017-05-04 08:26:17 : [main] - explorer.exe - (1384) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing spoolsv.exe(1684) 2017-05-04 08:26:17 : [main] - Killing SMΔRTP.exe(1712) 2017-05-04 08:26:17 : [main] - Killing taskhostex.exe(1760) 2017-05-04 08:26:17 : [main] - svchost.exe - (1760) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing afwServ.exe(1892) 2017-05-04 08:26:17 : [main] - Killing lmgrd.exe(1080) 2017-05-04 08:26:17 : [main] - conhost.exe - (1080) not killed - whitelisted 2017-05-04 08:26:17 : [main] - svchost.exe - (1080) not killed - whitelisted 2017-05-04 
08:26:17 : [main] - dasHost.exe - (1080) not killed - whitelisted 2017-05-04 08:26:17 : [main] - Killing DptfPolicyConfigTDPService.exe(1456) 2017-05-04 08:26:17 : [main] - Killing lmgrd.exe(1744) 2017-05-04 08:26:17 : [main] - Killing DptfPolicyLpmService.exe(1824) 2017-05-04 08:26:17 : [main] - Killing esif_uf.exe(1508) 2017-05-04 08:26:17 : [main] - Killing ARCGIS.exe(0) 2017-05-04 08:26:17 : [main] - Killing HPSIsvc.exe(1308) 2017-05-04 08:26:17 : [main] - Killing NitroPDFDriverService8x64.exe(2072) 2017-05-04 08:26:17 : [main] - Killing NLSSRV32.EXE(2236) 2017-05-04 08:26:17 : [main] - Killing NvNetworkService.exe(2256) 2017-05-04 08:26:17 : [main] - Killing creator-ws.exe(2308) 2017-05-04 08:26:17 : [main] - Killing Architect Manager.exe(2404) 2017-05-04 08:26:17 : [main] - Killing PnkBstrA.exe(2444) 2017-05-04 08:26:18 : [main] - svchost.exe - (2444) not killed - whitelisted 2017-05-04 08:26:18 : [main] - svchost.exe - (2444) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing TunMirror.exe(3172) 2017-05-04 08:26:18 : [main] - WmiPrvSE.exe - (3172) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing AsusTPLoader.exe(3664) 2017-05-04 08:26:18 : [main] - svchost.exe - (3664) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing aswidsagenta.exe(3844) 2017-05-04 08:26:18 : [main] - Killing FNPLicensingService.exe(3244) 2017-05-04 08:26:18 : [main] - Killing RAVCpl64.exe(3604) 2017-05-04 08:26:18 : [main] - Killing PresentationFontCache.exe(4196) 2017-05-04 08:26:18 : [main] - svchost.exe - (4196) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing SearchIndexer.exe(4636) 2017-05-04 08:26:18 : [main] - Killing DptfPolicyLpmServiceHelper.exe(4060) 2017-05-04 08:26:18 : [main] - Killing CCleaner64.exe(4572) 2017-05-04 08:26:18 : [main] - Killing AvastUI.exe(5488) 2017-05-04 08:26:18 : [main] - Killing GoogleCrashHandler.exe(3228) 2017-05-04 08:26:18 : [main] - Killing GoogleCrashHandler64.exe(808) 2017-05-04 08:26:18 : 
[main] - Killing SmadavProtect64.exe(5704) 2017-05-04 08:26:18 : [main] - Killing jhi_service.exe(3672) 2017-05-04 08:26:18 : [main] - LMS.exe - (3672) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing CompatTelRunner.exe(816) 2017-05-04 08:26:18 : [main] - conhost.exe - (816) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing CompatTelRunner.exe(5832) 2017-05-04 08:26:18 : [main] - svchost.exe - (5832) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing taskeng.exe(3980) 2017-05-04 08:26:18 : [main] - adwcleaner_6.046.exe - (3980) not killed - whitelisted 2017-05-04 08:26:18 : [main] - Killing esif_assist.exe(5444) 2017-05-04 08:26:18 : [main] - Killing audiodg.exe(900) 2017-05-04 08:26:19 : [quarantine] - Quarantine database successfully opened 2017-05-04 08:26:19 : [clean] - Progress: 0% 2017-05-04 08:26:19 : [clean.services] - Starting services clean 2017-05-04 08:26:19 : [clean.services] - Stopping services clean 2017-05-04 08:26:19 : [clean] - Progress: 10% 2017-05-04 08:26:19 : [clean.folders] - Starting folders clean 2017-05-04 08:35:31 : INFO [main] - >>>> STARTING <<<< 2017-05-04 08:35:31 : INFO [main] - Version: 6.046 2017-05-04 08:35:31 : INFO [main] - RAM Usage: 50 2017-05-04 08:35:31 : INFO [main] - OS: WIN_81 X64 2017-05-04 08:35:31 : [main.language] - Checking the language 2017-05-04 08:35:31 : [main.language] - Language found: en 2017-05-04 08:35:31 : [main.network] - Checking the network connectivity 2017-05-04 08:35:31 : [main.network] - Network connectivity status: True 2017-05-04 08:35:31 : [main.eula] - Checking for EULA agreement 2017-05-04 08:35:31 : [main.network] - Check for updates 2017-05-04 08:35:31 : [main.network] - Requesting the last release number 2017-05-04 08:35:36 : [main.network] - The current version is up-to-date 2017-05-04 08:35:36 : [main.gui] - GUI setup 2017-05-04 08:35:36 : [main.gui] - Languages setup 2017-05-04 08:35:36 : [main] - Chrome is installed: True 2017-05-04 08:35:36 : 
[main] - Firefox is installed: True 2017-05-04 08:35:36 : [main.gui] - Showing the gui 2017-05-04 08:35:48 : [main.gui] - Deleting temporary files before exiting 2017-05-04 08:35:48 : [main.gui] - >>>> EXITING <<<< 2017-05-04 08:40:36 : INFO [main] - >>>> STARTING <<<< 2017-05-04 08:40:36 : INFO [main] - Version: 6.046 2017-05-04 08:40:36 : INFO [main] - RAM Usage: 52 2017-05-04 08:40:36 : INFO [main] - OS: WIN_81 X64 2017-05-04 08:40:36 : [main.language] - Checking the language 2017-05-04 08:40:36 : [main.language] - Language found: en 2017-05-04 08:40:36 : [main.network] - Checking the network connectivity 2017-05-04 08:40:36 : [main.network] - Network connectivity status: True 2017-05-04 08:40:36 : [main.eula] - Checking for EULA agreement 2017-05-04 08:40:36 : [main.network] - Check for updates 2017-05-04 08:40:36 : [main.network] - Requesting the last release number 2017-05-04 08:40:38 : [main.network] - The current version is up-to-date 2017-05-04 08:40:38 : [main.gui] - GUI setup 2017-05-04 08:40:38 : [main.gui] - Languages setup 2017-05-04 08:40:38 : [main] - Chrome is installed: True 2017-05-04 08:40:38 : [main] - Firefox is installed: True 2017-05-04 08:40:38 : [main.gui] - Showing the gui 2017-05-04 08:40:42 : [main.gui] - Showing Options window 2017-05-04 08:40:46 : [main] - Saving current options to the configuration file 2017-05-04 08:40:48 : [main.gui] - Scan requested 2017-05-04 08:40:48 : [scan] - Running from: C:\AdwCleaner 2017-05-04 08:40:48 : [scan] - Progress: 0% 2017-05-04 08:40:48 : [database] - Using local database 2017-05-04 08:40:48 : [scan] - Progress: 5% 2017-05-04 08:40:48 : [database] - Initialize the database 2017-05-04 08:40:48 : [database] - Loading sqlite3.dll 2017-05-04 08:40:48 : [database] - Opening the database 2017-05-04 08:40:48 : [database] - Querying database's version 2017-05-04 08:40:48 : [database] - Loading internal data 2017-05-04 08:40:48 : [database] - Loading detections 2017-05-04 08:40:51 : [database] - Loading 
generics 2017-05-04 08:40:51 : [database] - Closing the database 2017-05-04 08:40:51 : [database] - Closing database 2017-05-04 08:40:51 : [database] - Unloading sqlite3.dll 2017-05-04 08:40:51 : [scan] - Progress: 15% 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [1] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [2] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [3] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [4] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [5] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [6] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [7] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [8] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [9] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [10] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [11] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [12] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [13] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [14] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [15] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [16] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [17] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [18] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [19] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [20] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [21] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [22] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [23] 2017-05-04 
08:40:51 : [scan.generic] - Generating generic detections [24] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [25] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [26] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [27] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [28] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [29] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [30] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [31] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [32] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [33] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [34] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [35] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [36] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [37] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [38] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [39] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [40] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [41] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [42] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [43] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [44] 2017-05-04 08:40:51 : [scan.generic] - Generating generic detections [45] 2017-05-04 08:40:51 : [scan.generic] - Generic detections generated 2017-05-04 08:40:51 : [scan] - Progress: 20% 2017-05-04 08:40:51 : [scan.generic] - Starting generic analysis 2017-05-04 08:40:53 : [scan.generic] - Found e2903e0f6f7551838556f4481716e1e5.sys 2017-05-04 08:40:54 : [scan.generic] - Found Browser Updater Task(Core) 2017-05-04 08:40:54 : [scan] - Progress: 30% 
2017-05-04 08:40:54 : [scan.services] - Starting services scan [1] 2017-05-04 08:40:54 : [scan.registry] - Found winzipersvc 2017-05-04 08:40:54 : [scan.registry] - Found winzipersvc 2017-05-04 08:40:54 : [scan.registry] - Found qkseeService 2017-05-04 08:40:54 : [scan.registry] - Found qkseeService 2017-05-04 08:40:54 : [scan.registry] - Found ByteFenceService 2017-05-04 08:40:54 : [scan.registry] - Found ByteFenceService 2017-05-04 08:40:54 : [scan.registry] - Found WinSnare 2017-05-04 08:40:54 : [scan.registry] - Found WinSnare 2017-05-04 08:40:54 : [scan.registry] - Found SNARER 2017-05-04 08:40:54 : [scan.registry] - Found SNARER 2017-05-04 08:40:54 : [scan.registry] - Found SNARE 2017-05-04 08:40:54 : [scan.registry] - Found SNARE 2017-05-04 08:40:54 : [scan.services] - Stopping services scan [1] 2017-05-04 08:40:54 : [scan.services] - Starting services scan [2] 2017-05-04 08:40:55 : [scan.services] - Found SNARE 2017-05-04 08:40:55 : [scan.services] - Stopping services scan [2] 2017-05-04 08:40:55 : [scan.services] - 1 malicious services found 2017-05-04 08:40:55 : [scan] - Progress: 40% 2017-05-04 08:40:55 : [scan.folders] - Starting folders scan 2017-05-04 08:40:57 : [scan.folders] - Found C:\USERs\USER\AppData\Local\Coldmay 2017-05-04 08:40:57 : [scan.folders] - Found C:\USERs\USER\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD} 2017-05-04 08:40:57 : [scan.folders] - Found C:\USERs\USER\AppData\Local\SNARER 2017-05-04 08:41:00 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\cpuminer 2017-05-04 08:41:01 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\ImageCropResize 2017-05-04 08:41:01 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinZiper 2017-05-04 08:41:01 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\gplyra 2017-05-04 08:41:01 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Tencent 2017-05-04 08:41:01 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\WinSAPSvc 2017-05-04 08:41:01 : [scan.folders] - Found 
C:\USERs\USER\AppData\Roaming\WinSnare 2017-05-04 08:41:01 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Kyubey 2017-05-04 08:41:04 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage 2017-05-04 08:41:04 : [scan.folders] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2017-05-04 08:41:06 : [scan.folders] - Found C:\Program Files\ByteFence 2017-05-04 08:41:06 : [scan.folders] - Found C:\Program Files\Plumbytes Software 2017-05-04 08:41:06 : [scan.folders] - Found C:\Program Files\Common Files\Tencent 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\TXQMPC 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\QQBrowser 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Tencent 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\ChelfNotify 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Allhair 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\ytd video downloader 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\WinSAPSvc 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\BaofengUpdate_U 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Redjane 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\chelfnotify 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\gjcfj 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\jcfjc 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\TXQMPC 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\QQBrowser 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\Tencent 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\ChelfNotify 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\Allhair 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\ytd video downloader 2017-05-04 08:41:09 : 
[scan.folders] - Found C:\ProgramData\Application Data\WinSAPSvc 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\BaofengUpdate_U 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\Redjane 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\chelfnotify 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\gjcfj 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Application Data\jcfjc 2017-05-04 08:41:09 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2017-05-04 08:41:10 : [scan.folders] - Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\GreenTree Applications 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\WinZipper 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\TData 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\CleanBrowser 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\QQBrowser 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\HomePageDefender 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\yesbnd 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\TXQQBrowser 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Tencent 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\WinSaber 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\winsaber 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Allhair 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\InterHop 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\WinArcher 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\UvConverter 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\winarcher 2017-05-04 
08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Gubed 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Gub 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\BikaQRssReader 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Skusenzecult 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\bilibili 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\BikaQRss 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Coldmay 2017-05-04 08:41:11 : [scan.folders] - Found C:\Program Files (x86)\Common Files\Tencent 2017-05-04 08:41:13 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent 2017-05-04 08:41:13 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule 2017-05-04 08:41:14 : [scan.folders] - Found C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\Public\Documents\dmp 2017-05-04 08:41:15 : [scan.folders] - Found C:\Program Files (x86)\Firefox 2017-05-04 08:41:15 : [scan.folders] - Found C:\ProgramData\WinTools 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\WinSnare 2017-05-04 08:41:15 : [scan.folders] - Found C:\Program Files (x86)\reports 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\Firefox 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\USER\AppData\Local\Firefox 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\USER\AppData\Roaming\clean 2017-05-04 08:41:15 : [scan.folders] - Found C:\UPDATE\PSGO 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\USER\AppData\Local\SNARE 2017-05-04 08:41:15 : [scan.folders] - Found C:\Users\USER\AppData\Local\Kitty 2017-05-04 08:41:15 : [scan.folders] - Found C:\Windows\Update\psgo 2017-05-04 08:41:15 : [scan.folders] - Stopping folders scan 2017-05-04 08:41:15 : [scan.folders] - 81 
malicious folders found 2017-05-04 08:41:15 : [scan] - Progress: 50% 2017-05-04 08:41:15 : [scan.files] - Starting files scan 2017-05-04 08:41:16 : [scan.files] - Found C:\Windows\SysNative\log\iSafeKrnlCall.log 2017-05-04 08:41:17 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys 2017-05-04 08:41:17 : [scan.files] - Found C:\Windows\SysNative\drivers\iSafeNetFilter.sys 2017-05-04 08:41:17 : [scan.files] - Found C:\Windows\SysNative\drivers\TFsFltX64.sys 2017-05-04 08:41:17 : [scan.files] - Found C:\Windows\SysNative\drivers\TAOKernelEx64.sys 2017-05-04 08:41:17 : [scan.files] - Found C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-05-04 08:41:18 : [scan.files] - Found C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL 2017-05-04 08:41:18 : [scan.files] - Found C:\Program Files (x86)\settings.dat 2017-05-04 08:41:18 : [scan.files] - Found C:\Users\Public\Documents\cfg.ini 2017-05-04 08:41:18 : [scan.files] - Found C:\Users\Public\Documents\cc.ini 2017-05-04 08:41:18 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-05-04 08:41:18 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-05-04 08:41:18 : [scan.files] - Found C:\Users\Public\Desktop\FLV Player.lnk 2017-05-04 08:41:18 : [scan.files] - Found C:\Users\USER\AppData\Local\AMD\amd.exe 2017-05-04 08:41:18 : [scan.files] - Stopping files scan 2017-05-04 08:41:18 : [scan.files] - 15 malicious files found 2017-05-04 08:41:18 : [scan] - Progress: 55% 2017-05-04 08:41:18 : [scan.dll] - Starting DLL scan 2017-05-04 08:41:19 : [scan.dll] - Stopping DLL scan 2017-05-04 08:41:19 : [scan.dll] - 0 malicious DLL found 2017-05-04 08:41:19 : [scan] - Progress: 60% 2017-05-04 08:41:19 : [scan.wmi] - Starting WMI scan 2017-05-04 08:41:19 : [scan.wmi] - Stopping WMI scan 2017-05-04 08:41:19 : [scan.wmi] - 0 malicious WMI found 2017-05-04 08:41:19 : [scan] - Progress: 65% 2017-05-04 08:41:19 : [scan.shortcuts] - Starting shortcuts scan 2017-05-04 08:41:19 : [scan.shortcuts] 
- Found C:\USERs\USER\Desktop\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-05-04 08:41:19 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [http://www.mylucky123.com/?type=sc&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-05-04 08:41:19 : [scan.shortcuts] - Found C:\USERs\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome.exe - Shortcut (2).lnk [http://www.ourluckysites.com/?type=sc&ts=1493101566&z=6cfc98e90f4a9d90c8b9b77gaz7t6c4gfeegbw5w0c&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT] 2017-05-04 08:41:19 : [scan.shortcuts] - Stopping shortcuts scan 2017-05-04 08:41:19 : [scan.shortcuts] - 3 malicious shortcuts found 2017-05-04 08:41:19 : [scan] - Progress: 70% 2017-05-04 08:41:19 : [scan.tasks] - Starting tasks scan 2017-05-04 08:41:20 : [scan.tasks] - Found Browser Updater Task(Core) 2017-05-04 08:41:20 : [scan.tasks] - Found Milimili 2017-05-04 08:41:20 : [scan.tasks] - Found RedjaneUpdateTaskMachineUA 2017-05-04 08:41:20 : [scan.tasks] - Found RedjaneUpdateTaskMachineCore 2017-05-04 08:41:20 : [scan.tasks] - Found Windows-PG 2017-05-04 08:41:20 : [scan.tasks] - Stopping tasks scan 2017-05-04 08:41:20 : [scan.tasks] - 6 malicious tasks found 2017-05-04 08:41:20 : [scan] - Progress: 75% 2017-05-04 08:41:20 : [scan.registry] - Starting registry scan [1] 2017-05-04 08:41:25 : [scan.registry] - Stopping registry scan [1] 2017-05-04 08:41:25 : [scan.registry] - Starting registry scan [2] 2017-05-04 08:41:27 : [scan.registry] - Found {51BEE30D-EEC8-4BA3-930B-298B8E759EB1} 2017-05-04 08:41:27 : [scan.registry] - Found 3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-05-04 08:41:28 : [scan.registry] - Found 
{70DE12EA-79F4-46BC-9812-86DB50A2FD64} 2017-05-04 08:41:28 : [scan.registry] - Found {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} 2017-05-04 08:41:28 : [scan.registry] - Found {E7270EC6-0113-4A78-B610-E501D0A9E48E} 2017-05-04 08:41:28 : [scan.registry] - Found {357D32FC-F0AE-4B37-B36F-D44AA31496F5} 2017-05-04 08:41:28 : [scan.registry] - Found {80B3B43F-7508-4627-BE66-00FB9AE5EE72} 2017-05-04 08:41:29 : [scan.registry] - Found {5A83D7C9-4A14-4000-BC05-389268238753} 2017-05-04 08:41:30 : [scan.registry] - Found {29B6CFD5-0064-411A-8C42-9890C83F9921} 2017-05-04 08:41:39 : [scan.registry] - Stopping registry scan [2] 2017-05-04 08:41:39 : [scan.registry] - Starting registry scan [3] 2017-05-04 08:41:39 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:41:39 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:41:41 : [scan.registry] - Found PRODUCTSETUP 2017-05-04 08:41:41 : [scan.registry] - Found WajIEnhance 2017-05-04 08:41:41 : [scan.registry] - Found csastats 2017-05-04 08:41:41 : [scan.registry] - Found WinSnare 2017-05-04 08:41:42 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:41:42 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:41:43 : [scan.registry] - Found PRODUCTSETUP 2017-05-04 08:41:43 : [scan.registry] - Found WajIEnhance 2017-05-04 08:41:43 : [scan.registry] - Found csastats 2017-05-04 08:41:43 : [scan.registry] - Found WinSnare 2017-05-04 08:41:43 : [scan.registry] - Found hdcode 2017-05-04 08:41:43 : [scan.registry] - Found yessearchesSoftware 2017-05-04 08:41:43 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:41:43 : [scan.registry] - Found Social2Sear 2017-05-04 08:41:43 : [scan.registry] - Found {E6276374-DE18-4AA5-A365-9016A2F98A2D} 2017-05-04 08:41:43 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:41:43 : [scan.registry] - Found ScreenShot 2017-05-04 08:41:43 : 
[scan.registry] - Found WinZiper 2017-05-04 08:41:43 : [scan.registry] - Found WinSaberSvc 2017-05-04 08:41:43 : [scan.registry] - Found InterHop 2017-05-04 08:41:43 : [scan.registry] - Found WinArcher 2017-05-04 08:41:43 : [scan.registry] - Found amule-custom 2017-05-04 08:41:43 : [scan.registry] - Found mylucky123Software 2017-05-04 08:41:43 : [scan.registry] - Found UvConverter 2017-05-04 08:41:43 : [scan.registry] - Found UvConv 2017-05-04 08:41:43 : [scan.registry] - Found ourluckysitesSoftware 2017-05-04 08:41:44 : [scan.registry] - Found {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} 2017-05-04 08:41:44 : [scan.registry] - Found {A0275D4F-FFAB-4A42-9874-B871B1C4CA3D} 2017-05-04 08:41:44 : [scan.registry] - Found {19539992-061C-4E8B-9053-07B175303AF4} 2017-05-04 08:41:44 : [scan.registry] - Found Corner Sunshine 2017-05-04 08:41:44 : [scan.registry] - Found PRODUCTSETUP 2017-05-04 08:41:44 : [scan.registry] - Found WajIEnhance 2017-05-04 08:41:44 : [scan.registry] - Found csastats 2017-05-04 08:41:44 : [scan.registry] - Found WinSnare 2017-05-04 08:41:45 : [scan.registry] - Found {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} 2017-05-04 08:41:45 : [scan.registry] - Found Social2Sear 2017-05-04 08:41:45 : [scan.registry] - Found {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} 2017-05-04 08:41:45 : [scan.registry] - Found InterSect Alliance 2017-05-04 08:41:45 : [scan.registry] - Found Corner Sunshine 2017-05-04 08:41:45 : [scan.registry] - Stopping registry scan [3] 2017-05-04 08:41:45 : [scan] - Progress: 80% 2017-05-04 08:41:45 : [scan.registry] - Starting registry scan [4] 2017-05-04 08:41:46 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:41:46 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:41:46 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:41:46 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:41:46 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:41:46 : 
[scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:41:46 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-05-04 08:41:46 : [scan.registry] - Found B68CE107A2DED706DC47D6BC4BF3C4C1 2017-05-04 08:41:46 : [scan.registry] - Found 9C767D9D7BB3F9C4B839FF09B6C80DCF 2017-05-04 08:41:46 : [scan.registry] - Found 4EE2F0310EBEC29A0C48C035C43786AA 2017-05-04 08:41:46 : [scan.registry] - Found 4B2A47D6F1D42DD81A292C027724D291 2017-05-04 08:41:46 : [scan.registry] - Found 02C076B2283AB74D88D5E4D34BC497FF 2017-05-04 08:41:46 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-05-04 08:41:46 : [scan.registry] - Found FFA0118CE95AE0D70F14E7E8A72452C8 2017-05-04 08:41:46 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:41:46 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:41:46 : [scan.registry] - Found 29993591C160B8E40935701B5703A34F 2017-05-04 08:41:46 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:41:46 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:41:46 : [scan.registry] - Found F4D5720ABAFF24A489478B171B4CACD3 2017-05-04 08:41:46 : [scan.registry] - Found F39E5917C417B4041A46F88010121C6E 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [4] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [5] 2017-05-04 08:41:46 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Search_URL http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-05-04 08:41:46 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URL http://www.mylucky123.com/?type=hp&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT 2017-05-04 08:41:46 : [scan.registry] - Found 
HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Start Page https://id.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mnsprg_17_17&param1=1&param2=f%3D1%26b%3DIE%26cc%3Did%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztD0AyDzzzyyCtB0BtAyCyDtA0BtB0EtN0D0Tzu0StCzyyEtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StBtC0BtA0D0A0EyDtGtC0AzzyCtGtDtDtDyCtGyEzz0EtAtGzyzz0C0DtDtC0BtDyByCtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtCyE0F0AyByEtG0AzztAtAtGyEyCtAzytG0B0F0B0FtGzzyC0Dzz0Ezz0DtDtDtC0EyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCyBzz%26cr%3D343033546%26a%3Dwbf_mnsprg_17_17%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro 2017-05-04 08:41:46 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main Search Page http://www.mylucky123.com/search/?type=ds&ts=1475034319&z=8568bfa6b1e9df250b2df47g3z7mdw8e0cfzac0gao&from=che0812&uid=TOSHIBAXMQ01ABD100_35ILPKUMTXX35ILPKUMT&q={searchTerms} 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [5] 2017-05-04 08:41:46 : [scan] - Progress: 82% 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [6] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [6] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [7] 2017-05-04 08:41:46 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:41:46 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:41:46 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:41:46 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:41:46 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:41:46 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:41:46 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 08:41:46 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:41:46 : [scan.registry] - Found {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} 2017-05-04 
08:41:46 : [scan.registry] - Found {33BB0A4E-99AF-4226-BDF6-49120163DE86} 2017-05-04 08:41:46 : [scan.registry] - Found HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [7] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [8] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [8] 2017-05-04 08:41:46 : [scan] - Progress: 84% 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [9] 2017-05-04 08:41:46 : [scan.registry] - Found HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-05-04 08:41:46 : [scan.registry] - Found HKLM64\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [9] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [10] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [10] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [11] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [11] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [12] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [12] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [13] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [13] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [14] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [14] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [15] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [15] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [16] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry scan [16] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [17] 2017-05-04 08:41:46 : [scan.registry] - Stopping registry 
scan [17] 2017-05-04 08:41:46 : [scan.registry] - Starting registry scan [18] 2017-05-04 08:41:47 : [scan.registry] - Found gplyra 2017-05-04 08:41:47 : [scan.registry] - Found gplyra 2017-05-04 08:41:47 : [scan.registry] - Found gplyra 2017-05-04 08:41:47 : [scan.registry] - Stopping registry scan [18] 2017-05-04 08:41:47 : [scan] - Progress: 86% 2017-05-04 08:41:47 : [scan.registry] - Starting registry scan [19] 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP 2017-05-04 08:41:47 : [scan.registry] - Found HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:41:47 : [scan.registry] - Found HKEY_CLASSES_ROOT\.qmgc 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:41:47 : [scan.registry] - Found HKCU\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF} 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ArcherGroupEx 2017-05-04 08:41:47 : [scan.registry] - Found 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Services\Themes DependOnService 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubedZLGroupEx 2017-05-04 08:41:47 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost GubZLGroEx 2017-05-04 08:41:47 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-05-04 08:41:47 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-05-04 08:41:47 : [scan.registry] - Stopping registry scan [19] 2017-05-04 08:41:47 : [scan] - Progress: 88% 2017-05-04 08:41:47 : [scan.registry] - 123 malicious registry element found 2017-05-04 08:41:47 : [scan] - Progress: 90% 2017-05-04 08:41:47 : [main] - Firefox is installed: True 2017-05-04 08:41:47 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-05-04 08:41:49 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-05-04 08:41:51 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-05-04 08:41:52 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] 2017-05-04 08:41:53 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-05-04 08:41:53 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\nice.xml 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\mylucky123.xml 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\yahoo! 
powered search.xml 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\amisites.xml 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\startpageing123.xml 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\luck.xml 2017-05-04 08:41:53 : [scan.firefox] - Found C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\searchplugins\ourluckysites.xml 2017-05-04 08:41:53 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-05-04 08:41:53 : [scan] - Progress: 92% 2017-05-04 08:41:53 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-05-04 08:41:53 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\prefs.js 2017-05-04 08:41:53 : [scan.firefox] - Found "browser.search.searchengine.url" - "http://www.luckysearch123.com/search.php?type=ds&ts=1489036179&from=5fdc0308&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=089d55749609940b66ce91dgfz3b3t8eac6qegfqam&q={searchTerms}" 2017-05-04 08:41:53 : [scan.firefox] - Found "browser.search.searchengine.iconURL" - "http://www.luckysearch123.com/favicon.ico?t=1" 2017-05-04 08:41:53 : [scan.firefox] - Reading C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\2d8b7u1b.default\user.js 2017-05-04 08:41:53 : [scan.firefox] - No profile to scan, skipping 2017-05-04 08:41:53 : [scan.firefox] - No profile to scan, skipping 2017-05-04 08:41:53 : [scan.firefox] - No profile to scan, skipping 2017-05-04 08:41:53 : [scan] - Progress: 94% 2017-05-04 08:41:53 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-05-04 08:41:53 : [scan.firefox] - 2 malicious Firefox preferences found 2017-05-04 08:41:53 : [scan] - Progress: 95% 2017-05-04 08:41:53 : [main] - Chrome is installed: True 2017-05-04 08:41:53 : 
[scan.chromium] - Starting Chromium based browsers scan [1] 2017-05-04 08:41:55 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:41:55 : [scan.chromium] - Found HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:41:55 : [scan.chromium] - Found HKCU64\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:41:55 : [scan.chromium] - Found HKLM64\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:41:55 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-05-04 08:41:55 : [scan] - Progress: 97% 2017-05-04 08:41:55 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-05-04 08:41:55 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:41:55 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-05-04 08:41:55 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] uk.ask.com 2017-05-04 08:41:55 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] yessearches 2017-05-04 08:41:55 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] mylucky123 2017-05-04 08:41:55 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] nice 2017-05-04 08:41:55 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] ourluckysites 2017-05-04 08:41:55 : [scan.chromium] - Closing C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-05-04 08:41:55 : [scan.chromium] - Opening C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-05-04 08:41:57 : 
[scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [startup_urls] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-05-04 08:41:57 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [favicon_url] http://www.mylucky123.com/searchfavicon.ico 2017-05-04 08:41:57 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-05-04 08:41:57 : [scan.chromium] - Found C:\Users\USER\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Homepage] http://www.nicesearches.com?type=hp&ts=1478740517&from=ead80003&uid=toshibaxmq01abd100_35ilpkumtxx35ilpkumt&z=4bfed39884d9632aea37899gcz0m0b7mez5edw5gaz 2017-05-04 08:41:57 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:41:57 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:41:57 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:41:57 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:41:57 : [scan.chromium] - No profile to scan, skipping 2017-05-04 08:41:57 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-05-04 08:41:57 : [scan] - Progress: 99% 2017-05-04 08:41:57 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-05-04 08:41:57 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-05-04 08:41:57 : [scan.chromium] - 9 malicious Chromium preferences elements found 2017-05-04 08:41:57 : [scan] - Progress: 100% 2017-05-04 08:41:57 : [scan] - Stopping scan 2017-05-04 08:42:10 : [main.gui] - Clean requested 2017-05-04 08:42:34 : [main.gui] - Killing all processes 2017-05-04 08:42:34 : [main] - Killing [System Process](0) 2017-05-04 08:42:34 : [main] - Killing System(4) 2017-05-04 
08:42:34 : [main] - smss.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - csrss.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - wininit.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - csrss.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - winlogon.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - services.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - lsass.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - dwm.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (4) not killed - whitelisted 2017-05-04 08:42:34 : [main] - Killing AvastSvc.exe(1384) 2017-05-04 08:42:34 : [main] - explorer.exe - (1384) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (1384) not killed - whitelisted 2017-05-04 08:42:34 : [main] - Killing afwServ.exe(1892) 2017-05-04 08:42:34 : [main] - svchost.exe - (1892) not killed - whitelisted 2017-05-04 08:42:34 : [main] - dasHost.exe - (1892) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (1892) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (1892) not killed - whitelisted 2017-05-04 08:42:34 : [main] - svchost.exe - (1892) not killed - whitelisted 2017-05-04 08:42:34 : [main] - Killing aswidsagenta.exe(3844) 2017-05-04 08:42:34 : [main] - svchost.exe - (3844) not killed - whitelisted 2017-05-04 08:42:34 : [main] - Killing AvastUI.exe(5488) 2017-05-04 08:42:34 : [main] - LMS.exe - (5488) not killed - 
whitelisted 2017-05-04 08:42:34 : [main] - Killing PresentationFontCache.exe(6068) 2017-05-04 08:42:34 : [main] - Killing HPSIsvc.exe(5348) 2017-05-04 08:42:34 : [main] - Killing spoolsv.exe(1788) 2017-05-04 08:42:35 : [main] - Killing SearchIndexer.exe(5272) 2017-05-04 08:42:35 : [main] - Killing sppsvc.exe(4316) 2017-05-04 08:42:35 : [main] - SppExtComObj.Exe - (4316) not killed - whitelisted 2017-05-04 08:42:35 : [main] - Killing slui.exe(3980) 2017-05-04 08:42:35 : [main] - Killing slui.exe(3648) 2017-05-04 08:42:35 : [main] - Killing nvvsvc.exe(4628) 2017-05-04 08:42:35 : [main] - Killing nvxdsync.exe(1124) 2017-05-04 08:42:35 : [main] - Killing nvvsvc.exe(5436) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(2312) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(5376) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing dllhost.exe(200) 2017-05-04 08:42:35 : [main] - Killing slui.exe(4692) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing chrome.exe(0) 2017-05-04 08:42:35 : [main] - Killing slui.exe(1128) 2017-05-04 08:42:35 : [main] - adwcleaner_6.046.exe - (1128) not killed - whitelisted 2017-05-04 08:42:35 : [main] - Killing taskeng.exe(5400) 2017-05-04 08:42:35 : [main] - WmiPrvSE.exe - (5400) not killed - whitelisted 2017-05-04 08:42:35 : [quarantine] - Quarantine database successfully opened 2017-05-04 08:42:35 : [clean] - Progress: 0% 2017-05-04 08:42:35 : [clean.services] - Starting services clean 2017-05-04 08:42:35 : [clean.services] - Stopping services clean 2017-05-04 08:42:35 : [clean] - Progress: 10% 2017-05-04 08:42:35 : [clean.folders] - Starting folders clean