2017-04-12 18:17:21 : [main] - Saving current options to the configuration file 2017-04-12 18:17:22 : [main.gui] - Scan requested 2017-04-12 18:17:22 : [scan] - Running from: C:\AdwCleaner 2017-04-12 18:17:22 : [scan] - Progress: 0% 2017-04-12 18:17:22 : [database] - Checking for database updates 2017-04-12 18:17:22 : [main.network] - Requesting the latest database release number 2017-04-12 18:17:29 : [main.network] - Latest definitions: ce5e6b43ed0df5889c92044333ba91a9 2017-04-12 18:17:29 : [main.network] - Updating definitions 2017-04-12 18:18:38 : INFO [main] - >>>> STARTING <<<< 2017-04-12 18:18:38 : INFO [main] - Version: 6.045 2017-04-12 18:18:38 : INFO [main] - RAM Usage: 57 2017-04-12 18:18:38 : INFO [main] - OS: WIN_10 X86 2017-04-12 18:18:38 : [main.language] - Checking the language 2017-04-12 18:18:38 : [main.language] - Language found: en 2017-04-12 18:18:38 : [main.network] - Checking the network connectivity 2017-04-12 18:18:38 : [main.network] - Network connectivity status: True 2017-04-12 18:18:38 : [main.eula] - Checking for EULA agreement 2017-04-12 18:18:38 : [main.network] - Check for updates 2017-04-12 18:18:38 : [main.network] - Requesting the last release number 2017-04-12 18:18:42 : [main.network] - The current version is up-to-date 2017-04-12 18:18:42 : [main.gui] - GUI setup 2017-04-12 18:18:42 : [main.gui] - Languages setup 2017-04-12 18:18:42 : [main] - Chrome is installed: True 2017-04-12 18:18:42 : [main] - Firefox is installed: True 2017-04-12 18:18:42 : [main.gui] - Showing the gui 2017-04-12 18:19:01 : [main.gui] - Showing Options window 2017-04-12 18:19:30 : [main] - Saving current options to the configuration file 2017-04-12 18:19:51 : [main.gui] - Scan requested 2017-04-12 18:19:51 : [scan] - Running from: C:\AdwCleaner 2017-04-12 18:19:51 : [scan] - Progress: 0% 2017-04-12 18:19:51 : [database] - Checking for database updates 2017-04-12 18:19:51 : [main.network] - Requesting the latest database release number 2017-04-12 18:19:56 : [main.network] - Latest definitions: ce5e6b43ed0df5889c92044333ba91a9 2017-04-12 18:19:56 : [main.network] - Updating definitions 2017-04-12 18:20:07 : [main.network] - Saving the updated definitions 2017-04-12 18:20:07 : [database] - Database successfully updated: CE5E6B43ED0DF5889C92044333BA91A9 2017-04-12 18:20:07 : [scan] - Progress: 5% 2017-04-12 18:20:07 : [database] - Initialize the database 2017-04-12 18:20:07 : [database] - Loading sqlite3.dll 2017-04-12 18:20:07 : [database] - Opening the database 2017-04-12 18:20:07 : [database] - Querying database's version 2017-04-12 18:20:07 : [database] - Loading internal data 2017-04-12 18:20:07 : [database] - Loading detections 2017-04-12 18:20:12 : [database] - Loading generics 2017-04-12 18:20:12 : [database] - Closing the database 2017-04-12 18:20:12 : [database] - Closing database 2017-04-12 18:20:12 : [database] - Unloading sqlite3.dll 2017-04-12 18:20:12 : [scan] - Progress: 15% 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [1] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [2] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [3] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [4] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [5] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [6] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [7] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [8] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [9] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [10] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [11] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [12] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [13] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [14] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [15] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [16] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [17] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [18] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [19] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [20] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [21] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [22] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [23] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [24] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [25] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [26] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [27] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [28] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [29] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [30] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [31] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [32] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [33] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [34] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [35] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [36] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [37] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [38] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [39] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [40] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [41] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [42] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [43] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [44] 2017-04-12 18:20:12 : [scan.generic] - Generating generic detections [45] 2017-04-12 18:20:12 : [scan.generic] - Generic detections generated 2017-04-12 18:20:12 : [scan] - Progress: 20% 2017-04-12 18:20:12 : [scan.generic] - Starting generic analysis 2017-04-12 18:20:34 : [scan.generic] - Found HKLM\SOFTWARE\5b952a37-ebad-c0b3-e5d4-92d30f6ce1bc 2017-04-12 18:20:34 : [scan.generic] - Found Tafewardkinerpy 2017-04-12 18:20:48 : [scan] - Progress: 30% 2017-04-12 18:20:48 : [scan.services] - Starting services scan [1] 2017-04-12 18:20:48 : [scan.registry] - Found WindowsMangerProtect 2017-04-12 18:20:48 : [scan.registry] - Found GoogleChromeUpService 2017-04-12 18:20:48 : [scan.registry] - Found FirefoxU 2017-04-12 18:20:48 : [scan.registry] - Found WinSnare 2017-04-12 18:20:48 : [scan.registry] - Found windowsmangerprotect 2017-04-12 18:20:48 : [scan.registry] - Found googlechromeupservice 2017-04-12 18:20:48 : [scan.registry] - Found SNARER 2017-04-12 18:20:48 : [scan.services] - Stopping services scan [1] 2017-04-12 18:20:48 : [scan.services] - Starting services scan [2] 2017-04-12 18:20:49 : [scan.services] - Found AMD 2017-04-12 18:20:49 : [scan.services] - Stopping services scan [2] 2017-04-12 18:20:49 : [scan.services] - 1 malicious services found 2017-04-12 18:20:49 : [scan] - Progress: 40% 2017-04-12 18:20:49 : [scan.folders] - Starting folders scan 2017-04-12 18:21:37 : [scan.folders] - Found C:\Users\Vaishnavi\AppData\Roaming\Firefox 2017-04-12 18:21:37 : [scan.folders] - Found C:\Users\Vaishnavi\AppData\Local\Firefox 2017-04-12 18:21:37 : [scan.folders] - Stopping folders scan 2017-04-12 18:21:37 : [scan.folders] - 2 malicious folders found 2017-04-12 18:21:37 : [scan] - Progress: 50% 2017-04-12 18:21:37 : [scan.files] - Starting files scan 2017-04-12 18:21:42 : [scan.files] - Found C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk 2017-04-12 18:21:43 : [scan.files] - Found C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk 2017-04-12 18:21:49 : [scan.files] - Found C:\WINDOWS\system32\findit.xml 2017-04-12 18:21:50 : [scan.files] - Found C:\WINDOWS\system32\drivers\iSafeKrnlBoot.sys 2017-04-12 18:21:50 : [scan.files] - Found C:\WINDOWS\system32\drivers\KuaiZipDrive.sys 2017-04-12 18:21:51 : [scan.files] - Found C:\WINDOWS\rsrcs.dll 2017-04-12 18:21:51 : [scan.files] - Found C:\Program Files\settings.dat 2017-04-12 18:21:51 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-12 18:21:51 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-04-12 18:21:51 : [scan.files] - Stopping files scan 2017-04-12 18:21:51 : [scan.files] - 9 malicious files found 2017-04-12 18:21:51 : [scan] - Progress: 55% 2017-04-12 18:21:51 : [scan.dll] - Starting DLL scan 2017-04-12 18:21:51 : [scan.dll] - Stopping DLL scan 2017-04-12 18:21:51 : [scan.dll] - 0 malicious DLL found 2017-04-12 18:21:51 : [scan] - Progress: 60% 2017-04-12 18:21:51 : [scan.wmi] - Starting WMI scan 2017-04-12 18:21:51 : [scan.wmi] - Found \root\subscription 2017-04-12 18:21:51 : [scan.wmi] - Stopping WMI scan 2017-04-12 18:21:51 : [scan.wmi] - 1 malicious WMI found 2017-04-12 18:21:51 : [scan] - Progress: 65% 2017-04-12 18:21:51 : [scan.shortcuts] - Starting shortcuts scan 2017-04-12 18:21:57 : [scan.shortcuts] - Cannot scan C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk 2017-04-12 18:22:00 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-12 18:22:00 : [scan.shortcuts] - 0 malicious shortcuts found 2017-04-12 18:22:00 : [scan] - Progress: 70% 2017-04-12 18:22:00 : [scan.tasks] - Starting tasks scan 2017-04-12 18:22:01 : [scan.tasks] - Found Milimili 2017-04-12 18:22:01 : [scan.tasks] - Found iorrt 2017-04-12 18:22:01 : [scan.tasks] - Found Windows-PG 2017-04-12 18:22:01 : [scan.tasks] - Stopping tasks scan 2017-04-12 18:22:01 : [scan.tasks] - 4 malicious tasks found 2017-04-12 18:22:01 : [scan] - Progress: 75% 2017-04-12 18:22:01 : [scan.registry] - Starting registry scan [1] 2017-04-12 18:22:02 : [scan.registry] - Found Fishjanesc 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.ContextMenuExt 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.ContextMenuExt.1 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.DragDropMenu 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.DragDropMenu.1 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.KYDropHandler 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.KYDropHandler.1 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.KzShlobj 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.KzShlobj.1 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.PropertyExt 2017-04-12 18:22:02 : [scan.registry] - Found QZipShell.PropertyExt.1 2017-04-12 18:22:03 : [scan.registry] - Stopping registry scan [1] 2017-04-12 18:22:03 : [scan.registry] - Starting registry scan [2] 2017-04-12 18:22:05 : [scan.registry] - Found {9CC34070-3A38-4C7A-89CB-EF8177EF07A1} 2017-04-12 18:22:05 : [scan.registry] - Found {2FB831EA-DA68-4A66-8E31-A2D976A6296C} 2017-04-12 18:22:05 : [scan.registry] - Found {3DCCD550-7586-40D2-A51D-D2F98EC06B3C} 2017-04-12 18:22:05 : [scan.registry] - Found {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} 2017-04-12 18:22:05 : [scan.registry] - Found {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} 2017-04-12 18:22:05 : [scan.registry] - Found {C9487131-EF4C-40D9-BA70-E85356CAF67E} 2017-04-12 18:22:06 : [scan.registry] - Found {86C4C3BA-4EA4-4CF8-98B9-6B07B477B835} 2017-04-12 18:22:07 : [scan.registry] - Found {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} 2017-04-12 18:22:10 : [scan.registry] - Stopping registry scan [2] 2017-04-12 18:22:10 : [scan.registry] - Starting registry scan [3] 2017-04-12 18:22:10 : [scan.registry] - Found KuaiZip 2017-04-12 18:22:10 : [scan.registry] - Found UpgSvr 2017-04-12 18:22:10 : [scan.registry] - Found xvb`lj 2017-04-12 18:22:10 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:11 : [scan.registry] - Found APN PIP 2017-04-12 18:22:11 : [scan.registry] - Found AskPartnerNetwork 2017-04-12 18:22:11 : [scan.registry] - Found HomeTab 2017-04-12 18:22:11 : [scan.registry] - Found Kromtech 2017-04-12 18:22:11 : [scan.registry] - Found Mozilla\Extends 2017-04-12 18:22:11 : [scan.registry] - Found PIP 2017-04-12 18:22:11 : [scan.registry] - Found PRODUCTSETUP 2017-04-12 18:22:11 : [scan.registry] - Found SearchProtectWS 2017-04-12 18:22:11 : [scan.registry] - Found simplytech 2017-04-12 18:22:11 : [scan.registry] - Found Simplytech\HomeTab 2017-04-12 18:22:11 : [scan.registry] - Found TNT2 2017-04-12 18:22:11 : [scan.registry] - Found csastats 2017-04-12 18:22:11 : [scan.registry] - Found SIMPLYTECH 2017-04-12 18:22:11 : [scan.registry] - Found KuaiZip 2017-04-12 18:22:11 : [scan.registry] - Found mtUtatity 2017-04-12 18:22:11 : [scan.registry] - Found WinSnare 2017-04-12 18:22:11 : [scan.registry] - Found Fishjane 2017-04-12 18:22:11 : [scan.registry] - Found deskapp 2017-04-12 18:22:11 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:11 : [scan.registry] - Found {4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} 2017-04-12 18:22:11 : [scan.registry] - Found {D01A33E2-0A34-4659-82AA-8A90C51C0D21} 2017-04-12 18:22:11 : [scan.registry] - Found IMBoosterARP 2017-04-12 18:22:11 : [scan.registry] - Found IminentToolbar 2017-04-12 18:22:11 : [scan.registry] - Found SearchProtect 2017-04-12 18:22:11 : [scan.registry] - Found Vosteran.com 2017-04-12 18:22:11 : [scan.registry] - Found WajIntEnhance 2017-04-12 18:22:11 : [scan.registry] - Found SEARCHPROTECT 2017-04-12 18:22:12 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:13 : [scan.registry] - Found Installer 2017-04-12 18:22:13 : [scan.registry] - Found AutoTime 2017-04-12 18:22:13 : [scan.registry] - Found SNDA 2017-04-12 18:22:13 : [scan.registry] - Found mtUtatity 2017-04-12 18:22:13 : [scan.registry] - Found MICROSOFT\wewewe 2017-04-12 18:22:13 : [scan.registry] - Found WinSnare 2017-04-12 18:22:13 : [scan.registry] - Found dlr 2017-04-12 18:22:13 : [scan.registry] - Found PopWnd 2017-04-12 18:22:13 : [scan.registry] - Found UpgSvr 2017-04-12 18:22:13 : [scan.registry] - Found deskapp 2017-04-12 18:22:13 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:14 : [scan.registry] - Found AppTrailers 2017-04-12 18:22:14 : [scan.registry] - Found KuaiZip 2017-04-12 18:22:14 : [scan.registry] - Found UpgSvr 2017-04-12 18:22:14 : [scan.registry] - Found xvb`lj 2017-04-12 18:22:14 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:15 : [scan.registry] - Found Installer 2017-04-12 18:22:15 : [scan.registry] - Found AutoTime 2017-04-12 18:22:15 : [scan.registry] - Found SNDA 2017-04-12 18:22:15 : [scan.registry] - Found mtUtatity 2017-04-12 18:22:15 : [scan.registry] - Found MICROSOFT\wewewe 2017-04-12 18:22:15 : [scan.registry] - Found WinSnare 2017-04-12 18:22:15 : [scan.registry] - Found dlr 2017-04-12 18:22:15 : [scan.registry] - Found PopWnd 2017-04-12 18:22:15 : [scan.registry] - Found UpgSvr 2017-04-12 18:22:15 : [scan.registry] - Found deskapp 2017-04-12 18:22:15 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:15 : [scan.registry] - Found AppTrailers 2017-04-12 18:22:15 : [scan.registry] - Found {12A61307-94CD-4F8E-94BC-918E511FAA81} 2017-04-12 18:22:15 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:22:15 : [scan.registry] - Found {3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} 2017-04-12 18:22:15 : [scan.registry] - Found {4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} 2017-04-12 18:22:15 : [scan.registry] - Found AIM Toolbar 2017-04-12 18:22:15 : [scan.registry] - Found AskPartnerNetwork 2017-04-12 18:22:15 : [scan.registry] - Found Conduit 2017-04-12 18:22:15 : [scan.registry] - Found FFPluginHp 2017-04-12 18:22:15 : [scan.registry] - Found Iminent 2017-04-12 18:22:15 : [scan.registry] - Found istartsurfSoftware 2017-04-12 18:22:15 : [scan.registry] - Found SearchModule 2017-04-12 18:22:15 : [scan.registry] - Found SearchProtect 2017-04-12 18:22:15 : [scan.registry] - Found searchult 2017-04-12 18:22:15 : [scan.registry] - Found SpeedBit 2017-04-12 18:22:15 : [scan.registry] - Found SEARCHPROTECT 2017-04-12 18:22:15 : [scan.registry] - Found youndooSoftware 2017-04-12 18:22:15 : [scan.registry] - Found OtherSearch 2017-04-12 18:22:15 : [scan.registry] - Found amule-custom 2017-04-12 18:22:15 : [scan.registry] - Found mtUtatity 2017-04-12 18:22:15 : [scan.registry] - Found InterSect Alliance 2017-04-12 18:22:15 : [scan.registry] - Found startpageing123Software 2017-04-12 18:22:15 : [scan.registry] - Found Fishjane 2017-04-12 18:22:15 : [scan.registry] - Found xvb`lj 2017-04-12 18:22:15 : [scan.registry] - Found msServer 2017-04-12 18:22:15 : [scan.registry] - Found {84416237-6490-494D-9AD6-4994DD978971} 2017-04-12 18:22:15 : [scan.registry] - Found {D01A33E2-0A34-4659-82AA-8A90C51C0D21} 2017-04-12 18:22:15 : [scan.registry] - Found IMBoosterARP 2017-04-12 18:22:15 : [scan.registry] - Found IminentToolbar 2017-04-12 18:22:15 : [scan.registry] - Found Linkey 2017-04-12 18:22:15 : [scan.registry] - Found SearchProtect 2017-04-12 18:22:15 : [scan.registry] - Found Vosteran.com 2017-04-12 18:22:16 : [scan.registry] - Found WajIntEnhance 2017-04-12 18:22:16 : [scan.registry] - Found SEARCHPROTECT 2017-04-12 18:22:16 : [scan.registry] - Found {59B5A9CD-253D-4C41-A073-B387D4C9672D} 2017-04-12 18:22:16 : [scan.registry] - Found {13D7C2E9-08E7-4889-94FF-87E707184E53} 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [3] 2017-04-12 18:22:16 : [scan] - Progress: 80% 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [4] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [4] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [5] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [5] 2017-04-12 18:22:16 : [scan] - Progress: 82% 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [6] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [6] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [7] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [7] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [8] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [8] 2017-04-12 18:22:16 : [scan] - Progress: 84% 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [9] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [9] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [10] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [10] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [11] 2017-04-12 18:22:16 : [scan.registry] - Found C:\ProgramData\Utatity\TransLax.dll 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [11] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [12] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [12] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [13] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [13] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [14] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [14] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [15] 2017-04-12 18:22:16 : [scan.registry] - Stopping registry scan [15] 2017-04-12 18:22:16 : [scan.registry] - Starting registry scan [16] 2017-04-12 18:22:17 : [scan.registry] - Stopping registry scan [16] 2017-04-12 18:22:17 : [scan.registry] - Starting registry scan [17] 2017-04-12 18:22:17 : [scan.registry] - Stopping registry scan [17] 2017-04-12 18:22:17 : [scan.registry] - Starting registry scan [18] 2017-04-12 18:22:17 : [scan.registry] - Found msiql 2017-04-12 18:22:17 : [scan.registry] - Found DiskPower 2017-04-12 18:22:17 : [scan.registry] - Found AppTrailers 2017-04-12 18:22:17 : [scan.registry] - Stopping registry scan [18] 2017-04-12 18:22:17 : [scan] - Progress: 86% 2017-04-12 18:22:17 : [scan.registry] - Starting registry scan [19] 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe 2017-04-12 18:22:17 : [scan.registry] - Found HKCU\Environment SNF 2017-04-12 18:22:17 : [scan.registry] - Found HKCU\Environment SNP 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved KuaiZip Shell Extension 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost kuaizipupdatesvc 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-12 18:22:17 : [scan.registry] - Found HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Utatity.exe 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSnare 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost WinSnare 2017-04-12 18:22:17 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-12 18:22:17 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WINSNARE 2017-04-12 18:22:17 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost SNARER 2017-04-12 18:22:17 : [scan.registry] - Stopping registry scan [19] 2017-04-12 18:22:17 : [scan] - Progress: 88% 2017-04-12 18:22:17 : [scan.registry] - 150 malicious registry element found 2017-04-12 18:22:17 : [scan] - Progress: 90% 2017-04-12 18:22:17 : [main] - Firefox is installed: True 2017-04-12 18:22:17 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-12 18:22:21 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-12 18:22:21 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-12 18:22:24 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-12 18:22:25 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-12 18:22:27 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-12 18:22:27 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-12 18:22:28 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-12 18:22:28 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-12 18:22:28 : [scan.firefox] - Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\searchplugins\startpageing123.xml 2017-04-12 18:22:29 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-12 18:22:29 : [scan] - Progress: 92% 2017-04-12 18:22:29 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-12 18:22:29 : [scan.firefox] - Reading C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\prefs.js 2017-04-12 18:22:29 : [scan.firefox] - Reading C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\user.js 2017-04-12 18:22:29 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\al4wjjbd.default-1467199780811\prefs.js 2017-04-12 18:22:30 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\al4wjjbd.default-1467199780811\user.js 2017-04-12 18:22:30 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\oz7itdg9.default-1491669357601\prefs.js 2017-04-12 18:22:30 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\oz7itdg9.default-1491669357601\user.js 2017-04-12 18:22:30 : [scan.firefox] - Reading C:\Users\Varun\AppData\Roaming\Mozilla\Firefox\Profiles\rmbrwe3s.default\prefs.js 2017-04-12 18:22:30 : [scan.firefox] - Reading C:\Users\Varun\AppData\Roaming\Mozilla\Firefox\Profiles\rmbrwe3s.default\user.js 2017-04-12 18:22:30 : [scan.firefox] - No profile to scan, skipping 2017-04-12 18:22:30 : [scan.firefox] - No profile to scan, skipping 2017-04-12 18:22:30 : [scan.firefox] - No profile to scan, skipping 2017-04-12 18:22:30 : [scan] - Progress: 94% 2017-04-12 18:22:30 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-12 18:22:30 : [scan.firefox] - 0 malicious Firefox preferences found 2017-04-12 18:22:30 : [scan] - Progress: 95% 2017-04-12 18:22:30 : [main] - Chrome is installed: True 2017-04-12 18:22:30 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-12 18:22:38 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa 2017-04-12 18:22:39 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:22:39 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage 2017-04-12 18:22:39 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage-journal 2017-04-12 18:22:39 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage 2017-04-12 18:22:39 : [scan.chromium] - Found HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:22:41 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-12 18:22:41 : [scan] - Progress: 97% 2017-04-12 18:22:41 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-12 18:22:41 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:22:41 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:22:41 : [scan.chromium] - Closing C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:22:41 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences 2017-04-12 18:22:46 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:22:46 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:22:46 : [scan.chromium] - Closing C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:22:46 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences 2017-04-12 18:22:48 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:22:48 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:22:48 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences 2017-04-12 18:22:50 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data 2017-04-12 18:22:50 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data 2017-04-12 18:22:50 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences 2017-04-12 18:22:52 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-12 18:22:52 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-12 18:22:52 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-12 18:23:09 : [scan.chromium] - Found C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] jlcgehabolcakkjhgmgpkagpolbjlhfa 2017-04-12 18:23:09 : [scan.chromium] - Found C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:23:09 : [scan.chromium] - Opening C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:23:09 : [scan.chromium] - Closing C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:23:09 : [scan.chromium] - Opening C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences 2017-04-12 18:23:20 : [scan.chromium] - Found C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extensions] cknghehebaconkajgiobncfleofebcog 2017-04-12 18:23:21 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:23:21 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:23:21 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:23:21 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:23:21 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:23:21 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-12 18:23:21 : [scan] - Progress: 99% 2017-04-12 18:23:21 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-12 18:23:21 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-12 18:23:21 : [scan.chromium] - 4 malicious Chromium preferences elements found 2017-04-12 18:23:21 : [scan] - Progress: 100% 2017-04-12 18:23:21 : [scan] - Stopping scan 2017-04-12 18:23:36 : [main.gui] - Clean requested 2017-04-12 18:23:41 : [main.gui] - Killing all processes 2017-04-12 18:23:41 : [main] - Killing [System Process](0) 2017-04-12 18:23:41 : [main] - Killing System(4) 2017-04-12 18:23:41 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - services.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:23:41 : [main] - Killing afwServ.exe(2320) 2017-04-12 18:23:41 : [main] - svchost.exe - (2320) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (2320) not killed - whitelisted 2017-04-12 18:23:41 : [main] - TeamViewer_Service.exe - (2320) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (2320) not killed - whitelisted 2017-04-12 18:23:41 : [main] - Killing Memory Compression(2844) 2017-04-12 18:23:41 : [main] - DMAgent.exe - (2844) not killed - whitelisted 2017-04-12 18:23:41 : [main] - WmiPrvSE.exe - (2844) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (2844) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (2844) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (2844) not killed - whitelisted 2017-04-12 18:23:41 : [main] - Killing AvastSvc.exe(9788) 2017-04-12 18:23:41 : [main] - Killing spoolsv.exe(6100) 2017-04-12 18:23:41 : [main] - Killing SearchIndexer.exe(4904) 2017-04-12 18:23:41 : [main] - Killing AppSrv.exe(892) 2017-04-12 18:23:41 : [main] - Killing btwdins.exe(9008) 2017-04-12 18:23:41 : [main] - Killing CsrBtService.exe(3580) 2017-04-12 18:23:41 : [main] - Killing OSPPSVC.EXE(4680) 2017-04-12 18:23:41 : [main] - csrss.exe - (4680) not killed - whitelisted 2017-04-12 18:23:41 : [main] - winlogon.exe - (4680) not killed - whitelisted 2017-04-12 18:23:41 : [main] - dwm.exe - (4680) not killed - whitelisted 2017-04-12 18:23:41 : [main] - sihost.exe - (4680) not killed - whitelisted 2017-04-12 18:23:41 : [main] - svchost.exe - (4680) not killed - whitelisted 2017-04-12 18:23:41 : [main] - Killing taskhostw.exe(2868) 2017-04-12 18:23:41 : [main] - Killing RuntimeBroker.exe(9872) 2017-04-12 18:23:41 : [main] - explorer.exe - (9872) not killed - whitelisted 2017-04-12 18:23:41 : [main] - Killing ShellExperienceHost.exe(5960) 2017-04-12 18:23:42 : [main] - SearchUI.exe - (5960) not killed - whitelisted 2017-04-12 18:23:42 : [main] - Killing SkypeHost.exe(3708) 2017-04-12 18:23:42 : [main] - Killing AsusTPLoader.exe(9368) 2017-04-12 18:23:42 : [main] - Killing AvastUI.exe(6160) 2017-04-12 18:23:42 : [main] - Killing SynTPEnh.exe(5072) 2017-04-12 18:23:42 : [main] - Killing SynTPHelper.exe(5276) 2017-04-12 18:23:42 : [main] - Killing jusched.exe(7576) 2017-04-12 18:23:43 : [main] - Killing igfxtray.exe(260) 2017-04-12 18:23:43 : [main] - hkcmd.exe - (260) not killed - whitelisted 2017-04-12 18:23:43 : [main] - Killing YCMMirage.exe(5520) 2017-04-12 18:23:43 : [main] - Killing igfxpers.exe(9600) 2017-04-12 18:23:43 : [main] - Killing HarmonyUserStartup.exe(6096) 2017-04-12 18:23:43 : [main] - Killing vksts.exe(4988) 2017-04-12 18:23:43 : [main] - Killing TrayApplication.exe(8904) 2017-04-12 18:23:43 : [main] - Killing CsrBtOBEXService.exe(9148) 2017-04-12 18:23:43 : [main] - Killing AsusTPCenter.exe(6504) 2017-04-12 18:23:43 : [main] - Killing AsusSGPlusBTServer.exe(9944) 2017-04-12 18:23:43 : [main] - Killing AsusSmartGestureDetector.exe(4180) 2017-04-12 18:23:43 : [main] - Killing AsusTPHelper.exe(9464) 2017-04-12 18:23:43 : [main] - Killing RemindersServer.exe(7632) 2017-04-12 18:23:43 : [main] - fontdrvhost.exe - (7632) not killed - whitelisted 2017-04-12 18:23:43 : [main] - Killing SettingSyncHost.exe(6404) 2017-04-12 18:23:43 : [main] - InstallAgent.exe - (6404) not killed - whitelisted 2017-04-12 18:23:43 : [main] - Killing CompatTelRunner.exe(6236) 2017-04-12 18:23:43 : [main] - conhost.exe - (6236) not killed - whitelisted 2017-04-12 18:23:43 : [main] - Killing CompatTelRunner.exe(7692) 2017-04-12 18:23:44 : [main] - Killing InstallAgentUserBroker.exe(4944) 2017-04-12 18:23:44 : [main] - svchost.exe - (4944) not killed - whitelisted 2017-04-12 18:23:44 : [main] - Killing SearchProtocolHost.exe(0) 2017-04-12 18:23:44 : [main] - Killing dllhost.exe(4124) 2017-04-12 18:23:44 : [main] - Killing ctfmon.exe(8120) 2017-04-12 18:23:44 : [main] - adwcleaner_6.045(1).exe - (8120) not killed - whitelisted 2017-04-12 18:23:44 : [main] - Killing SystemSettingsBroker.exe(0) 2017-04-12 18:23:44 : [main] - Killing SearchFilterHost.exe(0) 2017-04-12 18:23:44 : [main] - Killing audiodg.exe(5192) 2017-04-12 18:23:44 : [main] - Killing backgroundTaskHost.exe(6944) 2017-04-12 18:23:44 : [main] - Killing backgroundTaskHost.exe(6548) 2017-04-12 18:23:44 : [main] - Killing backgroundTaskHost.exe(0) 2017-04-12 18:23:44 : [quarantine] - Quarantine database successfully opened 2017-04-12 18:23:44 : [clean] - Progress: 0% 2017-04-12 18:23:44 : [clean.services] - Starting services clean 2017-04-12 18:23:44 : [clean.services] - Stopping services clean 2017-04-12 18:23:44 : [clean] - Progress: 10% 2017-04-12 18:23:44 : [clean.folders] - Starting folders clean 2017-04-12 18:40:15 : INFO [main] - >>>> STARTING <<<< 2017-04-12 18:40:15 : INFO [main] - Version: 6.045 2017-04-12 18:40:15 : INFO [main] - RAM Usage: 53 2017-04-12 18:40:15 : INFO [main] - OS: WIN_10 X86 2017-04-12 18:40:15 : [main.language] - Checking the language 2017-04-12 18:40:15 : [main.language] - Language found: en 2017-04-12 18:40:15 : [main.network] - Checking the network connectivity 2017-04-12 18:40:15 : [main.network] - Network connectivity status: True 2017-04-12 18:40:15 : [main.eula] - Checking for EULA agreement 2017-04-12 18:40:15 : [main.network] - Check for updates 2017-04-12 18:40:15 : [main.network] - Requesting the last release number 2017-04-12 18:40:17 : [main.network] - The current version is up-to-date 2017-04-12 18:40:17 : [main.gui] - GUI setup 2017-04-12 18:40:17 : [main.gui] - Languages setup 2017-04-12 18:40:17 : [main] - Chrome is installed: True 2017-04-12 18:40:17 : [main] - Firefox is installed: True 2017-04-12 18:40:17 : [main.gui] - Showing the gui 2017-04-12 18:40:19 : [main.gui] - Scan requested 2017-04-12 18:40:19 : [scan] - Running from: C:\AdwCleaner 2017-04-12 18:40:19 : [scan] - Progress: 0% 2017-04-12 18:40:19 : [database] - Checking for database updates 2017-04-12 18:40:19 : [main.network] - Requesting the latest database release number 2017-04-12 18:40:21 : [main.network] - Latest definitions: ce5e6b43ed0df5889c92044333ba91a9 2017-04-12 18:40:21 : [database] - Database already up-to-date: CE5E6B43ED0DF5889C92044333BA91A9 2017-04-12 18:40:21 : [scan] - Progress: 5% 2017-04-12 18:40:21 : [database] - Initialize the database 2017-04-12 18:40:21 : [database] - Loading sqlite3.dll 2017-04-12 18:40:21 : [database] - Opening the database 2017-04-12 18:40:21 : [database] - Querying database's version 2017-04-12 18:40:22 : [database] - Loading internal data 2017-04-12 18:40:22 : [database] - Loading detections 2017-04-12 18:40:26 : [database] - Loading generics 2017-04-12 18:40:26 : [database] - Closing the database 2017-04-12 18:40:26 : [database] - Closing database 2017-04-12 18:40:26 : [database] - Unloading sqlite3.dll 2017-04-12 18:40:26 : [scan] - Progress: 15% 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [1] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [2] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [3] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [4] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [5] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [6] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [7] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [8] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [9] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [10] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [11] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [12] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [13] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [14] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [15] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [16] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [17] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [18] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [19] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [20] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [21] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [22] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [23] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [24] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [25] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [26] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [27] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [28] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [29] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [30] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [31] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [32] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [33] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [34] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [35] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [36] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [37] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [38] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [39] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [40] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [41] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [42] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [43] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [44] 2017-04-12 18:40:26 : [scan.generic] - Generating generic detections [45] 2017-04-12 18:40:26 : [scan.generic] - Generic detections generated 2017-04-12 18:40:26 : [scan] - Progress: 20% 2017-04-12 18:40:26 : [scan.generic] - Starting generic analysis 2017-04-12 18:40:28 : [scan.generic] - Found HKLM\SOFTWARE\5b952a37-ebad-c0b3-e5d4-92d30f6ce1bc 2017-04-12 18:40:28 : [scan.generic] - Found Tafewardkinerpy 2017-04-12 18:40:31 : [scan] - Progress: 30% 2017-04-12 18:40:31 : [scan.services] - Starting services scan [1] 2017-04-12 18:40:31 : [scan.registry] - Found WindowsMangerProtect 2017-04-12 18:40:31 : [scan.registry] - Found GoogleChromeUpService 2017-04-12 18:40:31 : [scan.registry] - Found FirefoxU 2017-04-12 18:40:31 : [scan.registry] - Found WinSnare 2017-04-12 18:40:31 : [scan.registry] - Found windowsmangerprotect 2017-04-12 18:40:31 : [scan.registry] - Found googlechromeupservice 2017-04-12 18:40:31 : [scan.registry] - Found SNARER 2017-04-12 18:40:31 : [scan.services] - Stopping services scan [1] 2017-04-12 18:40:31 : [scan.services] - Starting services scan [2] 2017-04-12 18:40:32 : [scan.services] - Stopping services scan [2] 2017-04-12 18:40:32 : [scan.services] - 0 malicious services found 2017-04-12 18:40:32 : [scan] - Progress: 40% 2017-04-12 18:40:32 : [scan.folders] - Starting folders scan 2017-04-12 18:41:15 : [scan.folders] - Found C:\Users\Vaishnavi\AppData\Roaming\Firefox 2017-04-12 18:41:15 : [scan.folders] - Found C:\Users\Vaishnavi\AppData\Local\Firefox 2017-04-12 18:41:15 : [scan.folders] - Stopping folders scan 2017-04-12 18:41:15 : [scan.folders] - 2 malicious folders found 2017-04-12 18:41:15 : [scan] - Progress: 50% 2017-04-12 18:41:15 : [scan.files] - Starting files scan 2017-04-12 18:41:18 : [scan.files] - Found C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk 2017-04-12 18:41:19 : [scan.files] - Found C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk 2017-04-12 18:41:25 : [scan.files] - Found C:\WINDOWS\system32\findit.xml 2017-04-12 18:41:25 : [scan.files] - Found C:\WINDOWS\system32\drivers\iSafeKrnlBoot.sys 2017-04-12 18:41:25 : [scan.files] - Found C:\WINDOWS\system32\drivers\KuaiZipDrive.sys 2017-04-12 18:41:26 : [scan.files] - Found C:\WINDOWS\rsrcs.dll 2017-04-12 18:41:26 : [scan.files] - Found C:\Program Files\settings.dat 2017-04-12 18:41:26 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-12 18:41:26 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-04-12 18:41:26 : [scan.files] - Stopping files scan 2017-04-12 18:41:26 : [scan.files] - 9 malicious files found 2017-04-12 18:41:26 : [scan] - Progress: 55% 2017-04-12 18:41:26 : [scan.dll] - Starting DLL scan 2017-04-12 18:41:26 : [scan.dll] - Stopping DLL scan 2017-04-12 18:41:26 : [scan.dll] - 0 malicious DLL found 2017-04-12 18:41:26 : [scan] - Progress: 60% 2017-04-12 18:41:26 : [scan.wmi] - Starting WMI scan 2017-04-12 18:41:27 : [scan.wmi] - Found \root\subscription 2017-04-12 18:41:27 : [scan.wmi] - Stopping WMI scan 2017-04-12 18:41:27 : [scan.wmi] - 1 malicious WMI found 2017-04-12 18:41:27 : [scan] - Progress: 65% 2017-04-12 18:41:27 : [scan.shortcuts] - Starting shortcuts scan 2017-04-12 18:41:27 : [scan.shortcuts] - Cannot scan C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk 2017-04-12 18:41:27 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-12 18:41:27 : [scan.shortcuts] - 0 malicious shortcuts found 2017-04-12 18:41:27 : [scan] - Progress: 70% 2017-04-12 18:41:27 : [scan.tasks] - Starting tasks scan 2017-04-12 18:41:28 : [scan.tasks] - Found Milimili 2017-04-12 18:41:28 : [scan.tasks] - Found iorrt 2017-04-12 18:41:28 : [scan.tasks] - Found Windows-PG 2017-04-12 18:41:28 : [scan.tasks] - Stopping tasks scan 2017-04-12 18:41:28 : [scan.tasks] - 4 malicious tasks found 2017-04-12 18:41:28 : [scan] - Progress: 75% 2017-04-12 18:41:28 : [scan.registry] - Starting registry scan [1] 2017-04-12 18:41:29 : [scan.registry] - Found Fishjanesc 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.ContextMenuExt 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.ContextMenuExt.1 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.DragDropMenu 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.DragDropMenu.1 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.KYDropHandler 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.KYDropHandler.1 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.KzShlobj 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.KzShlobj.1 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.PropertyExt 2017-04-12 18:41:29 : [scan.registry] - Found QZipShell.PropertyExt.1 2017-04-12 18:41:30 : [scan.registry] - Stopping registry scan [1] 2017-04-12 18:41:30 : [scan.registry] - Starting registry scan [2] 2017-04-12 18:41:32 : [scan.registry] - Found {9CC34070-3A38-4C7A-89CB-EF8177EF07A1} 2017-04-12 18:41:32 : [scan.registry] - Found {2FB831EA-DA68-4A66-8E31-A2D976A6296C} 2017-04-12 18:41:32 : [scan.registry] - Found {3DCCD550-7586-40D2-A51D-D2F98EC06B3C} 2017-04-12 18:41:32 : [scan.registry] - Found {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} 2017-04-12 18:41:32 : [scan.registry] - Found {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} 2017-04-12 18:41:32 : [scan.registry] - Found {C9487131-EF4C-40D9-BA70-E85356CAF67E} 2017-04-12 18:41:33 : [scan.registry] - Found {86C4C3BA-4EA4-4CF8-98B9-6B07B477B835} 2017-04-12 18:41:34 : [scan.registry] - Found {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} 2017-04-12 18:41:37 : [scan.registry] - Stopping registry scan [2] 2017-04-12 18:41:37 : [scan.registry] - Starting registry scan [3] 2017-04-12 18:41:37 : [scan.registry] - Found KuaiZip 2017-04-12 18:41:37 : [scan.registry] - Found UpgSvr 2017-04-12 18:41:37 : [scan.registry] - Found xvb`lj 2017-04-12 18:41:37 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:38 : [scan.registry] - Found APN PIP 2017-04-12 18:41:38 : [scan.registry] - Found AskPartnerNetwork 2017-04-12 18:41:38 : [scan.registry] - Found HomeTab 2017-04-12 18:41:38 : [scan.registry] - Found Kromtech 2017-04-12 18:41:38 : [scan.registry] - Found Mozilla\Extends 2017-04-12 18:41:38 : [scan.registry] - Found PIP 2017-04-12 18:41:38 : [scan.registry] - Found PRODUCTSETUP 2017-04-12 18:41:38 : [scan.registry] - Found SearchProtectWS 2017-04-12 18:41:38 : [scan.registry] - Found simplytech 2017-04-12 18:41:38 : [scan.registry] - Found Simplytech\HomeTab 2017-04-12 18:41:38 : [scan.registry] - Found TNT2 2017-04-12 18:41:38 : [scan.registry] - Found csastats 2017-04-12 18:41:38 : [scan.registry] - Found SIMPLYTECH 2017-04-12 18:41:38 : [scan.registry] - Found KuaiZip 2017-04-12 18:41:38 : [scan.registry] - Found mtUtatity 2017-04-12 18:41:38 : [scan.registry] - Found WinSnare 2017-04-12 18:41:38 : [scan.registry] - Found Fishjane 2017-04-12 18:41:38 : [scan.registry] - Found deskapp 2017-04-12 18:41:38 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:38 : [scan.registry] - Found {4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} 2017-04-12 18:41:38 : [scan.registry] - Found {D01A33E2-0A34-4659-82AA-8A90C51C0D21} 2017-04-12 18:41:38 : [scan.registry] - Found IMBoosterARP 2017-04-12 18:41:38 : [scan.registry] - Found IminentToolbar 2017-04-12 18:41:38 : [scan.registry] - Found SearchProtect 2017-04-12 18:41:38 : [scan.registry] - Found Vosteran.com 2017-04-12 18:41:38 : [scan.registry] - Found WajIntEnhance 2017-04-12 18:41:38 : [scan.registry] - Found SEARCHPROTECT 2017-04-12 18:41:39 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:40 : [scan.registry] - Found Installer 2017-04-12 18:41:40 : [scan.registry] - Found AutoTime 2017-04-12 18:41:40 : [scan.registry] - Found SNDA 2017-04-12 18:41:40 : [scan.registry] - Found mtUtatity 2017-04-12 18:41:40 : [scan.registry] - Found MICROSOFT\wewewe 2017-04-12 18:41:40 : [scan.registry] - Found WinSnare 2017-04-12 18:41:40 : [scan.registry] - Found dlr 2017-04-12 18:41:40 : [scan.registry] - Found PopWnd 2017-04-12 18:41:40 : [scan.registry] - Found UpgSvr 2017-04-12 18:41:40 : [scan.registry] - Found deskapp 2017-04-12 18:41:40 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:41 : [scan.registry] - Found AppTrailers 2017-04-12 18:41:41 : [scan.registry] - Found KuaiZip 2017-04-12 18:41:41 : [scan.registry] - Found UpgSvr 2017-04-12 18:41:41 : [scan.registry] - Found xvb`lj 2017-04-12 18:41:41 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:42 : [scan.registry] - Found Installer 2017-04-12 18:41:42 : [scan.registry] - Found AutoTime 2017-04-12 18:41:42 : [scan.registry] - Found SNDA 2017-04-12 18:41:42 : [scan.registry] - Found mtUtatity 2017-04-12 18:41:42 : [scan.registry] - Found MICROSOFT\wewewe 2017-04-12 18:41:42 : [scan.registry] - Found WinSnare 2017-04-12 18:41:42 : [scan.registry] - Found dlr 2017-04-12 18:41:42 : [scan.registry] - Found PopWnd 2017-04-12 18:41:42 : [scan.registry] - Found UpgSvr 2017-04-12 18:41:42 : [scan.registry] - Found deskapp 2017-04-12 18:41:42 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:42 : [scan.registry] - Found AppTrailers 2017-04-12 18:41:42 : [scan.registry] - Found {12A61307-94CD-4F8E-94BC-918E511FAA81} 2017-04-12 18:41:42 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-12 18:41:42 : [scan.registry] - Found {3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} 2017-04-12 18:41:42 : [scan.registry] - Found {4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} 2017-04-12 18:41:42 : [scan.registry] - Found AIM Toolbar 2017-04-12 18:41:42 : [scan.registry] - Found AskPartnerNetwork 2017-04-12 18:41:42 : [scan.registry] - Found Conduit 2017-04-12 18:41:42 : [scan.registry] - Found FFPluginHp 2017-04-12 18:41:42 : [scan.registry] - Found Iminent 2017-04-12 18:41:42 : [scan.registry] - Found istartsurfSoftware 2017-04-12 18:41:42 : [scan.registry] - Found SearchModule 2017-04-12 18:41:42 : [scan.registry] - Found SearchProtect 2017-04-12 18:41:42 : [scan.registry] - Found searchult 2017-04-12 18:41:42 : [scan.registry] - Found SpeedBit 2017-04-12 18:41:42 : [scan.registry] - Found SEARCHPROTECT 2017-04-12 18:41:42 : [scan.registry] - Found youndooSoftware 2017-04-12 18:41:42 : [scan.registry] - Found OtherSearch 2017-04-12 18:41:42 : [scan.registry] - Found amule-custom 2017-04-12 18:41:42 : [scan.registry] - Found mtUtatity 2017-04-12 18:41:42 : [scan.registry] - Found InterSect Alliance 2017-04-12 18:41:42 : [scan.registry] - Found startpageing123Software 2017-04-12 18:41:42 : [scan.registry] - Found Fishjane 2017-04-12 18:41:42 : [scan.registry] - Found xvb`lj 2017-04-12 18:41:42 : [scan.registry] - Found msServer 2017-04-12 18:41:42 : [scan.registry] - Found {84416237-6490-494D-9AD6-4994DD978971} 2017-04-12 18:41:42 : [scan.registry] - Found {D01A33E2-0A34-4659-82AA-8A90C51C0D21} 2017-04-12 18:41:42 : [scan.registry] - Found IMBoosterARP 2017-04-12 18:41:42 : [scan.registry] - Found IminentToolbar 2017-04-12 18:41:42 : [scan.registry] - Found Linkey 2017-04-12 18:41:42 : [scan.registry] - Found SearchProtect 2017-04-12 18:41:42 : [scan.registry] - Found Vosteran.com 2017-04-12 18:41:42 : [scan.registry] - Found WajIntEnhance 2017-04-12 18:41:42 : [scan.registry] - Found SEARCHPROTECT 2017-04-12 18:41:42 : [scan.registry] - Found {59B5A9CD-253D-4C41-A073-B387D4C9672D} 2017-04-12 18:41:42 : [scan.registry] - Found {13D7C2E9-08E7-4889-94FF-87E707184E53} 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [3] 2017-04-12 18:41:43 : [scan] - Progress: 80% 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [4] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [4] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [5] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [5] 2017-04-12 18:41:43 : [scan] - Progress: 82% 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [6] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [6] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [7] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [7] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [8] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [8] 2017-04-12 18:41:43 : [scan] - Progress: 84% 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [9] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [9] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [10] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [10] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [11] 2017-04-12 18:41:43 : [scan.registry] - Found C:\ProgramData\Utatity\TransLax.dll 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [11] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [12] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [12] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [13] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [13] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [14] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [14] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [15] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [15] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [16] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [16] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [17] 2017-04-12 18:41:43 : [scan.registry] - Stopping registry scan [17] 2017-04-12 18:41:43 : [scan.registry] - Starting registry scan [18] 2017-04-12 18:41:44 : [scan.registry] - Found msiql 2017-04-12 18:41:44 : [scan.registry] - Found DiskPower 2017-04-12 18:41:44 : [scan.registry] - Found AppTrailers 2017-04-12 18:41:44 : [scan.registry] - Stopping registry scan [18] 2017-04-12 18:41:44 : [scan] - Progress: 86% 2017-04-12 18:41:44 : [scan.registry] - Starting registry scan [19] 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe 2017-04-12 18:41:44 : [scan.registry] - Found HKCU\Environment SNF 2017-04-12 18:41:44 : [scan.registry] - Found HKCU\Environment SNP 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved KuaiZip Shell Extension 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost kuaizipupdatesvc 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-12 18:41:44 : [scan.registry] - Found HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Utatity.exe 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSnare 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost WinSnare 2017-04-12 18:41:44 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-12 18:41:44 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WINSNARE 2017-04-12 18:41:44 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost SNARER 2017-04-12 18:41:44 : [scan.registry] - Stopping registry scan [19] 2017-04-12 18:41:44 : [scan] - Progress: 88% 2017-04-12 18:41:44 : [scan.registry] - 150 malicious registry element found 2017-04-12 18:41:44 : [scan] - Progress: 90% 2017-04-12 18:41:44 : [main] - Firefox is installed: True 2017-04-12 18:41:44 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-12 18:41:47 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-12 18:41:48 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-12 18:41:50 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-12 18:41:50 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-12 18:41:53 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-12 18:41:53 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-12 18:41:53 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-12 18:41:53 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-12 18:41:54 : [scan.firefox] - Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\searchplugins\startpageing123.xml 2017-04-12 18:41:54 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-12 18:41:54 : [scan] - Progress: 92% 2017-04-12 18:41:54 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-12 18:41:54 : [scan.firefox] - Reading C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\prefs.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\user.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\al4wjjbd.default-1467199780811\prefs.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\al4wjjbd.default-1467199780811\user.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\oz7itdg9.default-1491669357601\prefs.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\oz7itdg9.default-1491669357601\user.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\Varun\AppData\Roaming\Mozilla\Firefox\Profiles\rmbrwe3s.default\prefs.js 2017-04-12 18:41:55 : [scan.firefox] - Reading C:\Users\Varun\AppData\Roaming\Mozilla\Firefox\Profiles\rmbrwe3s.default\user.js 2017-04-12 18:41:55 : [scan.firefox] - No profile to scan, skipping 2017-04-12 18:41:55 : [scan.firefox] - No profile to scan, skipping 2017-04-12 18:41:55 : [scan.firefox] - No profile to scan, skipping 2017-04-12 18:41:55 : [scan] - Progress: 94% 2017-04-12 18:41:55 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-12 18:41:55 : [scan.firefox] - 0 malicious Firefox preferences found 2017-04-12 18:41:55 : [scan] - Progress: 95% 2017-04-12 18:41:55 : [main] - Chrome is installed: True 2017-04-12 18:41:55 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-12 18:42:02 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa 2017-04-12 18:42:03 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:42:03 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage 2017-04-12 18:42:03 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage-journal 2017-04-12 18:42:03 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage 2017-04-12 18:42:03 : [scan.chromium] - Found HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:42:04 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-12 18:42:04 : [scan] - Progress: 97% 2017-04-12 18:42:04 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-12 18:42:04 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:42:04 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:42:04 : [scan.chromium] - Closing C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:42:04 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences 2017-04-12 18:42:08 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:42:08 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:42:08 : [scan.chromium] - Closing C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:42:08 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences 2017-04-12 18:42:09 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:42:09 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-12 18:42:09 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences 2017-04-12 18:42:10 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data 2017-04-12 18:42:10 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data 2017-04-12 18:42:10 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences 2017-04-12 18:42:12 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-12 18:42:12 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-12 18:42:12 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-12 18:42:22 : [scan.chromium] - Found C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] jlcgehabolcakkjhgmgpkagpolbjlhfa 2017-04-12 18:42:23 : [scan.chromium] - Found C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-12 18:42:23 : [scan.chromium] - Opening C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:42:23 : [scan.chromium] - Closing C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-12 18:42:23 : [scan.chromium] - Opening C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences 2017-04-12 18:42:30 : [scan.chromium] - Found C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extensions] cknghehebaconkajgiobncfleofebcog 2017-04-12 18:42:31 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:42:31 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:42:31 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:42:31 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:42:31 : [scan.chromium] - No profile to scan, skipping 2017-04-12 18:42:31 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-12 18:42:31 : [scan] - Progress: 99% 2017-04-12 18:42:31 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-12 18:42:31 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-12 18:42:31 : [scan.chromium] - 4 malicious Chromium preferences elements found 2017-04-12 18:42:31 : [scan] - Progress: 100% 2017-04-12 18:42:31 : [scan] - Stopping scan 2017-04-12 18:43:12 : [main.gui] - Showing Options window 2017-04-12 18:43:16 : [main] - Saving current options to the configuration file 2017-04-12 18:43:26 : [main.gui] - Clean requested 2017-04-12 18:43:29 : [main.gui] - Killing all processes 2017-04-12 18:43:29 : [main] - Killing [System Process](0) 2017-04-12 18:43:29 : [main] - Killing System(4) 2017-04-12 18:43:29 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - services.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-12 18:43:29 : [main] - Killing afwServ.exe(2320) 2017-04-12 18:43:29 : [main] - svchost.exe - (2320) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (2320) not killed - whitelisted 2017-04-12 18:43:29 : [main] - TeamViewer_Service.exe - (2320) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (2320) not killed - whitelisted 2017-04-12 18:43:29 : [main] - Killing Memory Compression(2844) 2017-04-12 18:43:29 : [main] - DMAgent.exe - (2844) not killed - whitelisted 2017-04-12 18:43:29 : [main] - WmiPrvSE.exe - (2844) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (2844) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (2844) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (2844) not killed - whitelisted 2017-04-12 18:43:29 : [main] - Killing AvastSvc.exe(9788) 2017-04-12 18:43:29 : [main] - csrss.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - winlogon.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - dwm.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - sihost.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - svchost.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - explorer.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - SearchUI.exe - (9788) not killed - whitelisted 2017-04-12 18:43:29 : [main] - Killing AvastUI.exe(6160) 2017-04-12 18:43:29 : [main] - hkcmd.exe - (6160) not killed - whitelisted 2017-04-12 18:43:29 : [main] - fontdrvhost.exe - (6160) not killed - whitelisted 2017-04-12 18:43:29 : [main] - InstallAgent.exe - (6160) not killed - whitelisted 2017-04-12 18:43:29 : [main] - Killing taskhostw.exe(5224) 2017-04-12 18:43:29 : [main] - Killing RuntimeBroker.exe(7884) 2017-04-12 18:43:29 : [main] - Killing SkypeHost.exe(8884) 2017-04-12 18:43:29 : [main] - Killing ShellExperienceHost.exe(7520) 2017-04-12 18:43:29 : [main] - Killing SearchIndexer.exe(2476) 2017-04-12 18:43:29 : [main] - Killing AppSrv.exe(7552) 2017-04-12 18:43:29 : [main] - Killing btwdins.exe(4996) 2017-04-12 18:43:29 : [main] - Killing SearchProtocolHost.exe(0) 2017-04-12 18:43:29 : [main] - smartscreen.exe - (0) not killed - whitelisted 2017-04-12 18:43:29 : [main] - Killing dllhost.exe(6264) 2017-04-12 18:43:30 : [main] - Killing firefox.exe(5692) 2017-04-12 18:43:30 : [main] - Killing dllhost.exe(5704) 2017-04-12 18:43:30 : [main] - Killing RemindersServer.exe(8976) 2017-04-12 18:43:30 : [main] - svchost.exe - (8976) not killed - whitelisted 2017-04-12 18:43:30 : [main] - Killing audiodg.exe(3388) 2017-04-12 18:43:30 : [main] - adwcleaner_6.045.exe - (3388) not killed - whitelisted 2017-04-12 18:43:30 : [main] - Killing SearchFilterHost.exe(0) 2017-04-12 18:43:30 : [quarantine] - Quarantine database successfully opened 2017-04-12 18:43:30 : [clean] - Progress: 0% 2017-04-12 18:43:30 : [clean.services] - Starting services clean 2017-04-12 18:43:30 : [clean.services] - Nothing to clean. 2017-04-12 18:43:30 : [clean.services] - Stopping services clean 2017-04-12 18:43:30 : [clean] - Progress: 10% 2017-04-12 18:43:30 : [clean.folders] - Starting folders clean 2017-04-12 18:44:29 : [quarantine] - Added file to quarantine database [C:\Users\Vaishnavi\AppData\Roaming\Firefox] 2017-04-12 18:44:38 : [quarantine] - Folder added to quarantined and remove [C:\Users\Vaishnavi\AppData\Roaming\Firefox] 2017-04-14 12:07:47 : INFO [main] - >>>> STARTING <<<< 2017-04-14 12:07:47 : INFO [main] - Version: 6.045 2017-04-14 12:07:47 : INFO [main] - RAM Usage: 50 2017-04-14 12:07:47 : INFO [main] - OS: WIN_10 X86 2017-04-14 12:07:47 : [main.language] - Checking the language 2017-04-14 12:07:47 : [main.language] - Language found: en 2017-04-14 12:07:47 : [main.network] - Checking the network connectivity 2017-04-14 12:07:47 : [main.network] - Network connectivity status: True 2017-04-14 12:07:47 : [main.eula] - Checking for EULA agreement 2017-04-14 12:07:47 : [main.network] - Check for updates 2017-04-14 12:07:47 : [main.network] - Requesting the last release number 2017-04-14 12:07:48 : [main.network] - The current version is up-to-date 2017-04-14 12:07:48 : [main.gui] - GUI setup 2017-04-14 12:07:48 : [main.gui] - Languages setup 2017-04-14 12:07:48 : [main] - Chrome is installed: True 2017-04-14 12:07:48 : [main] - Firefox is installed: True 2017-04-14 12:07:48 : [main.gui] - Showing the gui 2017-04-14 12:07:50 : [main.gui] - Scan requested 2017-04-14 12:07:50 : [scan] - Running from: C:\AdwCleaner 2017-04-14 12:07:50 : [scan] - Progress: 0% 2017-04-14 12:07:50 : [database] - Checking for database updates 2017-04-14 12:07:50 : [main.network] - Requesting the latest database release number 2017-04-14 12:07:54 : [main.network] - Latest definitions: f8c67de018067e2a30efbd0f1d4f70d4 2017-04-14 12:07:54 : [main.network] - Updating definitions 2017-04-14 12:10:34 : [main.network] - Saving the updated definitions 2017-04-14 12:10:34 : [database] - Database successfully updated: F8C67DE018067E2A30EFBD0F1D4F70D4 2017-04-14 12:10:34 : [scan] - Progress: 5% 2017-04-14 12:10:34 : [database] - Initialize the database 2017-04-14 12:10:34 : [database] - Loading sqlite3.dll 2017-04-14 12:10:34 : [database] - Opening the database 2017-04-14 12:10:34 : [database] - Querying database's version 2017-04-14 12:10:34 : [database] - Loading internal data 2017-04-14 12:10:34 : [database] - Loading detections 2017-04-14 12:10:39 : [database] - Loading generics 2017-04-14 12:10:40 : [database] - Closing the database 2017-04-14 12:10:40 : [database] - Closing database 2017-04-14 12:10:40 : [database] - Unloading sqlite3.dll 2017-04-14 12:10:40 : [scan] - Progress: 15% 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [1] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [2] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [3] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [4] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [5] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [6] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [7] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [8] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [9] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [10] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [11] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [12] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [13] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [14] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [15] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [16] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [17] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [18] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [19] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [20] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [21] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [22] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [23] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [24] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [25] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [26] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [27] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [28] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [29] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [30] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [31] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [32] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [33] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [34] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [35] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [36] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [37] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [38] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [39] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [40] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [41] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [42] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [43] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [44] 2017-04-14 12:10:40 : [scan.generic] - Generating generic detections [45] 2017-04-14 12:10:40 : [scan.generic] - Generic detections generated 2017-04-14 12:10:40 : [scan] - Progress: 20% 2017-04-14 12:10:40 : [scan.generic] - Starting generic analysis 2017-04-14 12:10:55 : [scan.generic] - Found HKLM\SOFTWARE\5b952a37-ebad-c0b3-e5d4-92d30f6ce1bc 2017-04-14 12:10:56 : [scan.generic] - Found Tafewardkinerpy 2017-04-14 12:11:05 : [scan] - Progress: 30% 2017-04-14 12:11:05 : [scan.services] - Starting services scan [1] 2017-04-14 12:11:05 : [scan.registry] - Found WindowsMangerProtect 2017-04-14 12:11:05 : [scan.registry] - Found GoogleChromeUpService 2017-04-14 12:11:05 : [scan.registry] - Found FirefoxU 2017-04-14 12:11:05 : [scan.registry] - Found WinSnare 2017-04-14 12:11:05 : [scan.registry] - Found windowsmangerprotect 2017-04-14 12:11:05 : [scan.registry] - Found googlechromeupservice 2017-04-14 12:11:05 : [scan.registry] - Found SNARER 2017-04-14 12:11:05 : [scan.services] - Stopping services scan [1] 2017-04-14 12:11:05 : [scan.services] - Starting services scan [2] 2017-04-14 12:11:05 : [scan.services] - Stopping services scan [2] 2017-04-14 12:11:05 : [scan.services] - 0 malicious services found 2017-04-14 12:11:05 : [scan] - Progress: 40% 2017-04-14 12:11:05 : [scan.folders] - Starting folders scan 2017-04-14 12:11:56 : [scan.folders] - Found C:\Users\Vaishnavi\AppData\Local\Firefox 2017-04-14 12:11:56 : [scan.folders] - Stopping folders scan 2017-04-14 12:11:56 : [scan.folders] - 1 malicious folders found 2017-04-14 12:11:56 : [scan] - Progress: 50% 2017-04-14 12:11:56 : [scan.files] - Starting files scan 2017-04-14 12:12:00 : [scan.files] - Found C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk 2017-04-14 12:12:01 : [scan.files] - Found C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk 2017-04-14 12:12:07 : [scan.files] - Found C:\WINDOWS\system32\findit.xml 2017-04-14 12:12:07 : [scan.files] - Found C:\WINDOWS\system32\drivers\iSafeKrnlBoot.sys 2017-04-14 12:12:08 : [scan.files] - Found C:\WINDOWS\system32\drivers\KuaiZipDrive.sys 2017-04-14 12:12:09 : [scan.files] - Found C:\WINDOWS\rsrcs.dll 2017-04-14 12:12:09 : [scan.files] - Found C:\Program Files\settings.dat 2017-04-14 12:12:09 : [scan.files] - Found C:\Users\Public\Documents\temp.dat 2017-04-14 12:12:09 : [scan.files] - Found C:\Users\Public\Documents\report.dat 2017-04-14 12:12:09 : [scan.files] - Stopping files scan 2017-04-14 12:12:09 : [scan.files] - 9 malicious files found 2017-04-14 12:12:09 : [scan] - Progress: 55% 2017-04-14 12:12:09 : [scan.dll] - Starting DLL scan 2017-04-14 12:12:09 : [scan.dll] - Stopping DLL scan 2017-04-14 12:12:09 : [scan.dll] - 0 malicious DLL found 2017-04-14 12:12:09 : [scan] - Progress: 60% 2017-04-14 12:12:09 : [scan.wmi] - Starting WMI scan 2017-04-14 12:12:09 : [scan.wmi] - Found \root\subscription 2017-04-14 12:12:09 : [scan.wmi] - Stopping WMI scan 2017-04-14 12:12:09 : [scan.wmi] - 1 malicious WMI found 2017-04-14 12:12:09 : [scan] - Progress: 65% 2017-04-14 12:12:09 : [scan.shortcuts] - Starting shortcuts scan 2017-04-14 12:12:12 : [scan.shortcuts] - Cannot scan C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk 2017-04-14 12:12:13 : [scan.shortcuts] - Stopping shortcuts scan 2017-04-14 12:12:13 : [scan.shortcuts] - 0 malicious shortcuts found 2017-04-14 12:12:13 : [scan] - Progress: 70% 2017-04-14 12:12:13 : [scan.tasks] - Starting tasks scan 2017-04-14 12:12:14 : [scan.tasks] - Found Milimili 2017-04-14 12:12:14 : [scan.tasks] - Found iorrt 2017-04-14 12:12:14 : [scan.tasks] - Found Windows-PG 2017-04-14 12:12:14 : [scan.tasks] - Stopping tasks scan 2017-04-14 12:12:14 : [scan.tasks] - 4 malicious tasks found 2017-04-14 12:12:14 : [scan] - Progress: 75% 2017-04-14 12:12:14 : [scan.registry] - Starting registry scan [1] 2017-04-14 12:12:15 : [scan.registry] - Found Fishjanesc 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.ContextMenuExt 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.ContextMenuExt.1 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.DragDropMenu 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.DragDropMenu.1 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.KYDropHandler 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.KYDropHandler.1 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.KzShlobj 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.KzShlobj.1 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.PropertyExt 2017-04-14 12:12:15 : [scan.registry] - Found QZipShell.PropertyExt.1 2017-04-14 12:12:16 : [scan.registry] - Stopping registry scan [1] 2017-04-14 12:12:16 : [scan.registry] - Starting registry scan [2] 2017-04-14 12:12:17 : [scan.registry] - Found {9CC34070-3A38-4C7A-89CB-EF8177EF07A1} 2017-04-14 12:12:18 : [scan.registry] - Found {2FB831EA-DA68-4A66-8E31-A2D976A6296C} 2017-04-14 12:12:18 : [scan.registry] - Found {3DCCD550-7586-40D2-A51D-D2F98EC06B3C} 2017-04-14 12:12:18 : [scan.registry] - Found {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} 2017-04-14 12:12:18 : [scan.registry] - Found {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} 2017-04-14 12:12:18 : [scan.registry] - Found {C9487131-EF4C-40D9-BA70-E85356CAF67E} 2017-04-14 12:12:18 : [scan.registry] - Found {86C4C3BA-4EA4-4CF8-98B9-6B07B477B835} 2017-04-14 12:12:20 : [scan.registry] - Found {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} 2017-04-14 12:12:23 : [scan.registry] - Stopping registry scan [2] 2017-04-14 12:12:23 : [scan.registry] - Starting registry scan [3] 2017-04-14 12:12:23 : [scan.registry] - Found KuaiZip 2017-04-14 12:12:23 : [scan.registry] - Found UpgSvr 2017-04-14 12:12:23 : [scan.registry] - Found xvb`lj 2017-04-14 12:12:23 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-14 12:12:24 : [scan.registry] - Found Installer 2017-04-14 12:12:24 : [scan.registry] - Found AutoTime 2017-04-14 12:12:24 : [scan.registry] - Found SNDA 2017-04-14 12:12:24 : [scan.registry] - Found mtUtatity 2017-04-14 12:12:24 : [scan.registry] - Found MICROSOFT\wewewe 2017-04-14 12:12:24 : [scan.registry] - Found WinSnare 2017-04-14 12:12:24 : [scan.registry] - Found dlr 2017-04-14 12:12:24 : [scan.registry] - Found PopWnd 2017-04-14 12:12:24 : [scan.registry] - Found UpgSvr 2017-04-14 12:12:24 : [scan.registry] - Found deskapp 2017-04-14 12:12:24 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-14 12:12:25 : [scan.registry] - Found AppTrailers 2017-04-14 12:12:25 : [scan.registry] - Found KuaiZip 2017-04-14 12:12:25 : [scan.registry] - Found UpgSvr 2017-04-14 12:12:25 : [scan.registry] - Found xvb`lj 2017-04-14 12:12:25 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-14 12:12:26 : [scan.registry] - Found Installer 2017-04-14 12:12:26 : [scan.registry] - Found AutoTime 2017-04-14 12:12:26 : [scan.registry] - Found SNDA 2017-04-14 12:12:26 : [scan.registry] - Found mtUtatity 2017-04-14 12:12:26 : [scan.registry] - Found MICROSOFT\wewewe 2017-04-14 12:12:26 : [scan.registry] - Found WinSnare 2017-04-14 12:12:26 : [scan.registry] - Found dlr 2017-04-14 12:12:26 : [scan.registry] - Found PopWnd 2017-04-14 12:12:26 : [scan.registry] - Found UpgSvr 2017-04-14 12:12:26 : [scan.registry] - Found deskapp 2017-04-14 12:12:26 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-14 12:12:26 : [scan.registry] - Found AppTrailers 2017-04-14 12:12:26 : [scan.registry] - Found {12A61307-94CD-4F8E-94BC-918E511FAA81} 2017-04-14 12:12:26 : [scan.registry] - Found {12DA0E6F-5543-440C-BAA2-28BF01070AFA} 2017-04-14 12:12:26 : [scan.registry] - Found {3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} 2017-04-14 12:12:26 : [scan.registry] - Found {4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} 2017-04-14 12:12:26 : [scan.registry] - Found AIM Toolbar 2017-04-14 12:12:26 : [scan.registry] - Found AskPartnerNetwork 2017-04-14 12:12:26 : [scan.registry] - Found Conduit 2017-04-14 12:12:26 : [scan.registry] - Found FFPluginHp 2017-04-14 12:12:26 : [scan.registry] - Found Iminent 2017-04-14 12:12:26 : [scan.registry] - Found istartsurfSoftware 2017-04-14 12:12:26 : [scan.registry] - Found SearchModule 2017-04-14 12:12:26 : [scan.registry] - Found SearchProtect 2017-04-14 12:12:26 : [scan.registry] - Found searchult 2017-04-14 12:12:26 : [scan.registry] - Found SpeedBit 2017-04-14 12:12:26 : [scan.registry] - Found SEARCHPROTECT 2017-04-14 12:12:26 : [scan.registry] - Found youndooSoftware 2017-04-14 12:12:26 : [scan.registry] - Found OtherSearch 2017-04-14 12:12:26 : [scan.registry] - Found amule-custom 2017-04-14 12:12:26 : [scan.registry] - Found mtUtatity 2017-04-14 12:12:26 : [scan.registry] - Found InterSect Alliance 2017-04-14 12:12:26 : [scan.registry] - Found startpageing123Software 2017-04-14 12:12:26 : [scan.registry] - Found Fishjane 2017-04-14 12:12:26 : [scan.registry] - Found xvb`lj 2017-04-14 12:12:26 : [scan.registry] - Found msServer 2017-04-14 12:12:26 : [scan.registry] - Found {84416237-6490-494D-9AD6-4994DD978971} 2017-04-14 12:12:26 : [scan.registry] - Found {D01A33E2-0A34-4659-82AA-8A90C51C0D21} 2017-04-14 12:12:26 : [scan.registry] - Found IMBoosterARP 2017-04-14 12:12:26 : [scan.registry] - Found IminentToolbar 2017-04-14 12:12:26 : [scan.registry] - Found Linkey 2017-04-14 12:12:26 : [scan.registry] - Found SearchProtect 2017-04-14 12:12:26 : [scan.registry] - Found Vosteran.com 2017-04-14 12:12:26 : [scan.registry] - Found WajIntEnhance 2017-04-14 12:12:26 : [scan.registry] - Found SEARCHPROTECT 2017-04-14 12:12:27 : [scan.registry] - Found {59B5A9CD-253D-4C41-A073-B387D4C9672D} 2017-04-14 12:12:27 : [scan.registry] - Found {13D7C2E9-08E7-4889-94FF-87E707184E53} 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [3] 2017-04-14 12:12:27 : [scan] - Progress: 80% 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [4] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [4] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [5] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [5] 2017-04-14 12:12:27 : [scan] - Progress: 82% 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [6] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [6] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [7] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [7] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [8] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [8] 2017-04-14 12:12:27 : [scan] - Progress: 84% 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [9] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [9] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [10] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [10] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [11] 2017-04-14 12:12:27 : [scan.registry] - Found C:\ProgramData\Utatity\TransLax.dll 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [11] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [12] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [12] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [13] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [13] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [14] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [14] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [15] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [15] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [16] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [16] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [17] 2017-04-14 12:12:27 : [scan.registry] - Stopping registry scan [17] 2017-04-14 12:12:27 : [scan.registry] - Starting registry scan [18] 2017-04-14 12:12:28 : [scan.registry] - Found msiql 2017-04-14 12:12:28 : [scan.registry] - Found DiskPower 2017-04-14 12:12:28 : [scan.registry] - Found AppTrailers 2017-04-14 12:12:28 : [scan.registry] - Stopping registry scan [18] 2017-04-14 12:12:28 : [scan] - Progress: 86% 2017-04-14 12:12:28 : [scan.registry] - Starting registry scan [19] 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe 2017-04-14 12:12:28 : [scan.registry] - Found HKCU\Environment SNF 2017-04-14 12:12:28 : [scan.registry] - Found HKCU\Environment SNP 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved KuaiZip Shell Extension 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost kuaizipupdatesvc 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSAPSvc 2017-04-14 12:12:28 : [scan.registry] - Found HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Utatity.exe 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WinSnare 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost WinSnare 2017-04-14 12:12:28 : [scan.registry] - Found HKCU\SOFTWARE\Classes\ChromeHTML 2017-04-14 12:12:28 : [scan.registry] - Found HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost WINSNARE 2017-04-14 12:12:28 : [scan.registry] - Found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost SNARER 2017-04-14 12:12:28 : [scan.registry] - Stopping registry scan [19] 2017-04-14 12:12:28 : [scan] - Progress: 88% 2017-04-14 12:12:28 : [scan.registry] - 122 malicious registry element found 2017-04-14 12:12:28 : [scan] - Progress: 90% 2017-04-14 12:12:28 : [main] - Firefox is installed: True 2017-04-14 12:12:28 : [scan.firefox] - Starting Firefox based browsers scan [1] 2017-04-14 12:12:32 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-14 12:12:32 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-14 12:12:35 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-14 12:12:35 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-14 12:12:38 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com] 2017-04-14 12:12:38 : [scan.firefox] - Found HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] 2017-04-14 12:12:38 : [scan.firefox] - Stopping Firefox based browsers scan [1] 2017-04-14 12:12:38 : [scan.firefox] - Starting Firefox based browsers scan [2] 2017-04-14 12:12:39 : [scan.firefox] - Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\searchplugins\startpageing123.xml 2017-04-14 12:12:39 : [scan.firefox] - Stopping Firefox based browsers scan [2] 2017-04-14 12:12:39 : [scan] - Progress: 92% 2017-04-14 12:12:39 : [scan.firefox] - Starting Firefox based browsers scan [3] 2017-04-14 12:12:39 : [scan.firefox] - Reading C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\prefs.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\user.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\al4wjjbd.default-1467199780811\prefs.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\al4wjjbd.default-1467199780811\user.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\oz7itdg9.default-1491669357601\prefs.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\Vaishnavi\AppData\Roaming\Mozilla\Firefox\Profiles\oz7itdg9.default-1491669357601\user.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\Varun\AppData\Roaming\Mozilla\Firefox\Profiles\rmbrwe3s.default\prefs.js 2017-04-14 12:12:40 : [scan.firefox] - Reading C:\Users\Varun\AppData\Roaming\Mozilla\Firefox\Profiles\rmbrwe3s.default\user.js 2017-04-14 12:12:40 : [scan.firefox] - No profile to scan, skipping 2017-04-14 12:12:40 : [scan.firefox] - No profile to scan, skipping 2017-04-14 12:12:40 : [scan.firefox] - No profile to scan, skipping 2017-04-14 12:12:40 : [scan] - Progress: 94% 2017-04-14 12:12:40 : [scan.firefox] - Stopping Firefox based browsers scan [3] 2017-04-14 12:12:40 : [scan.firefox] - 0 malicious Firefox preferences found 2017-04-14 12:12:40 : [scan] - Progress: 95% 2017-04-14 12:12:40 : [main] - Chrome is installed: True 2017-04-14 12:12:40 : [scan.chromium] - Starting Chromium based browsers scan [1] 2017-04-14 12:12:48 : [scan.chromium] - Found HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa 2017-04-14 12:12:48 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-14 12:12:48 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage 2017-04-14 12:12:48 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage-journal 2017-04-14 12:12:48 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage 2017-04-14 12:12:48 : [scan.chromium] - Found HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej 2017-04-14 12:12:50 : [scan.chromium] - Stopping Chromium based browsers scan [1] 2017-04-14 12:12:50 : [scan] - Progress: 97% 2017-04-14 12:12:50 : [scan.chromium] - Starting Chromium based browsers scan [2] 2017-04-14 12:12:50 : [scan.chromium] - No profile to scan, skipping 2017-04-14 12:12:50 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-14 12:12:50 : [scan.chromium] - Closing C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-14 12:12:50 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences 2017-04-14 12:12:54 : [scan.chromium] - Found C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-14 12:12:54 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-14 12:12:54 : [scan.chromium] - Closing C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-14 12:12:54 : [scan.chromium] - Opening C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences 2017-04-14 12:12:55 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-14 12:12:55 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data 2017-04-14 12:12:55 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences 2017-04-14 12:12:57 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data 2017-04-14 12:12:57 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data 2017-04-14 12:12:57 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences 2017-04-14 12:12:58 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-14 12:12:58 : [scan.chromium] - Closing C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Data 2017-04-14 12:12:58 : [scan.chromium] - Opening C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences 2017-04-14 12:13:10 : [scan.chromium] - Found C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] jlcgehabolcakkjhgmgpkagpolbjlhfa 2017-04-14 12:13:10 : [scan.chromium] - Found C:\Users\Vaishnavi\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Secure Preferences] [Extensions] pilplloabdedfmialnfchjomjmpjcoej 2017-04-14 12:13:10 : [scan.chromium] - Opening C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-14 12:13:10 : [scan.chromium] - Closing C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Web Data 2017-04-14 12:13:10 : [scan.chromium] - Opening C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences 2017-04-14 12:13:19 : [scan.chromium] - Found C:\Users\Varun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extensions] cknghehebaconkajgiobncfleofebcog 2017-04-14 12:13:20 : [scan.chromium] - No profile to scan, skipping 2017-04-14 12:13:20 : [scan.chromium] - No profile to scan, skipping 2017-04-14 12:13:20 : [scan.chromium] - No profile to scan, skipping 2017-04-14 12:13:20 : [scan.chromium] - No profile to scan, skipping 2017-04-14 12:13:20 : [scan.chromium] - No profile to scan, skipping 2017-04-14 12:13:20 : [scan.chromium] - Stopping Chromium based browsers scan [2] 2017-04-14 12:13:20 : [scan] - Progress: 99% 2017-04-14 12:13:20 : [scan.chromium] - Starting Chromium based browsers scan [3] 2017-04-14 12:13:20 : [scan.chromium] - Stopping Chromium based browsers scan [3] 2017-04-14 12:13:20 : [scan.chromium] - 4 malicious Chromium preferences elements found 2017-04-14 12:13:20 : [scan] - Progress: 100% 2017-04-14 12:13:20 : [scan] - Stopping scan 2017-04-14 12:13:39 : [main.gui] - Showing Options window 2017-04-14 12:13:42 : [main] - Retrieving options from the configuration file 2017-04-14 12:15:14 : [main.gui] - Clean requested 2017-04-14 12:15:19 : [main.gui] - Killing all processes 2017-04-14 12:15:19 : [main] - Killing [System Process](0) 2017-04-14 12:15:19 : [main] - Killing System(4) 2017-04-14 12:15:19 : [main] - smss.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - wininit.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - csrss.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - services.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - lsass.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - winlogon.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - dwm.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - dasHost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing atiesrxx.exe(1820) 2017-04-14 12:15:19 : [main] - Killing atieclxx.exe(1888) 2017-04-14 12:15:19 : [main] - svchost.exe - (1888) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (1888) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (1888) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing AvastSvc.exe(760) 2017-04-14 12:15:19 : [main] - Killing spoolsv.exe(356) 2017-04-14 12:15:19 : [main] - Killing afwServ.exe(2284) 2017-04-14 12:15:19 : [main] - Killing AdobeUpdateService.exe(2416) 2017-04-14 12:15:19 : [main] - Killing btwdins.exe(2424) 2017-04-14 12:15:19 : [main] - Killing CsrBtService.exe(2432) 2017-04-14 12:15:19 : [main] - Killing BtwRSupportService.exe(2440) 2017-04-14 12:15:19 : [main] - Killing AppSrv.exe(2448) 2017-04-14 12:15:19 : [main] - Killing AGSService.exe(2456) 2017-04-14 12:15:19 : [main] - svchost.exe - (2456) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing CsrBtOBEXService.exe(2484) 2017-04-14 12:15:19 : [main] - Killing SynTPEnhService.exe(2672) 2017-04-14 12:15:19 : [main] - TeamViewer_Service.exe - (2672) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (2672) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (2672) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing Memory Compression(2908) 2017-04-14 12:15:19 : [main] - DMAgent.exe - (2908) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (2908) not killed - whitelisted 2017-04-14 12:15:19 : [main] - WmiPrvSE.exe - (2908) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (2908) not killed - whitelisted 2017-04-14 12:15:19 : [main] - aswidsagent.exe - (2908) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing SynTPEnh.exe(4360) 2017-04-14 12:15:19 : [main] - sihost.exe - (4360) not killed - whitelisted 2017-04-14 12:15:19 : [main] - svchost.exe - (4360) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing taskhostw.exe(4540) 2017-04-14 12:15:19 : [main] - Killing GoogleUpdate.exe(4576) 2017-04-14 12:15:19 : [main] - explorer.exe - (4576) not killed - whitelisted 2017-04-14 12:15:19 : [main] - Killing RuntimeBroker.exe(5112) 2017-04-14 12:15:19 : [main] - Killing ShellExperienceHost.exe(5508) 2017-04-14 12:15:19 : [main] - Killing AsusTPLoader.exe(5944) 2017-04-14 12:15:19 : [main] - Killing SynTPHelper.exe(4444) 2017-04-14 12:15:20 : [main] - SearchUI.exe - (4444) not killed - whitelisted 2017-04-14 12:15:20 : [main] - Killing SkypeHost.exe(5880) 2017-04-14 12:15:20 : [main] - svchost.exe - (5880) not killed - whitelisted 2017-04-14 12:15:20 : [main] - Killing SearchIndexer.exe(6284) 2017-04-14 12:15:20 : [main] - Killing AsusTPCenter.exe(6700) 2017-04-14 12:15:20 : [main] - Killing SettingSyncHost.exe(7448) 2017-04-14 12:15:20 : [main] - Killing AvastUI.exe(7652) 2017-04-14 12:15:20 : [main] - Killing jusched.exe(7684) 2017-04-14 12:15:20 : [main] - Killing YCMMirage.exe(7800) 2017-04-14 12:15:21 : [main] - Killing AsusSmartGestureDetector.exe(7904) 2017-04-14 12:15:21 : [main] - Killing igfxtray.exe(7976) 2017-04-14 12:15:21 : [main] - hkcmd.exe - (7976) not killed - whitelisted 2017-04-14 12:15:21 : [main] - Killing igfxpers.exe(4260) 2017-04-14 12:15:21 : [main] - Killing HarmonyUserStartup.exe(7260) 2017-04-14 12:15:21 : [main] - Killing vksts.exe(7428) 2017-04-14 12:15:21 : [main] - Killing TrayApplication.exe(7696) 2017-04-14 12:15:21 : [main] - Killing AsusSGPlusBTServer.exe(8136) 2017-04-14 12:15:21 : [main] - Killing AsusTPHelper.exe(4760) 2017-04-14 12:15:21 : [main] - Killing RemindersServer.exe(8072) 2017-04-14 12:15:21 : [main] - Killing ActionUriServer.exe(2524) 2017-04-14 12:15:21 : [main] - svchost.exe - (2524) not killed - whitelisted 2017-04-14 12:15:21 : [main] - fontdrvhost.exe - (2524) not killed - whitelisted 2017-04-14 12:15:21 : [main] - Killing firefox.exe(5636) 2017-04-14 12:15:21 : [main] - adwcleaner_6.045.exe - (5636) not killed - whitelisted 2017-04-14 12:15:21 : [main] - WmiPrvSE.exe - (5636) not killed - whitelisted 2017-04-14 12:15:21 : [main] - Killing TrustedInstaller.exe(3992) 2017-04-14 12:15:21 : [main] - Killing TiWorker.exe(688) 2017-04-14 12:15:21 : [main] - Killing SearchProtocolHost.exe(0) 2017-04-14 12:15:21 : [main] - Killing CompatTelRunner.exe(4300) 2017-04-14 12:15:21 : [main] - conhost.exe - (4300) not killed - whitelisted 2017-04-14 12:15:21 : [main] - Killing CompatTelRunner.exe(536) 2017-04-14 12:15:21 : [main] - Killing msiexec.exe(5828) 2017-04-14 12:15:21 : [main] - smartscreen.exe - (5828) not killed - whitelisted 2017-04-14 12:15:21 : [main] - Killing notepad.exe(0) 2017-04-14 12:15:21 : [main] - Killing audiodg.exe(6752) 2017-04-14 12:15:21 : [main] - Killing SearchFilterHost.exe(0) 2017-04-14 12:15:21 : [quarantine] - Quarantine database successfully opened 2017-04-14 12:15:21 : [clean] - Progress: 0% 2017-04-14 12:15:21 : [clean.services] - Starting services clean 2017-04-14 12:15:21 : [clean.services] - Nothing to clean. 2017-04-14 12:15:21 : [clean.services] - Stopping services clean 2017-04-14 12:15:21 : [clean] - Progress: 10% 2017-04-14 12:15:21 : [clean.folders] - Starting folders clean 2017-04-14 12:15:25 : [quarantine] - Added file to quarantine database [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej] 2017-04-14 12:15:26 : [quarantine] - Folder added to quarantined and remove [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej] 2017-04-14 12:15:26 : [clean.folders] - Stopping folders clean 2017-04-14 12:15:26 : [clean] - Progress: 20% 2017-04-14 12:15:26 : [clean.files] - Starting files clean 2017-04-14 12:15:26 : [quarantine] - Added file to quarantine database [C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk] 2017-04-14 12:15:26 : [quarantine] - File added to quarantine and removed [C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk] 2017-04-14 12:15:26 : [quarantine] - Added file to quarantine database [C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk] 2017-04-14 12:15:26 : [quarantine] - File added to quarantine and removed [C:\Users\Vaishnavi\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk] 2017-04-14 12:15:27 : [quarantine] - Added file to quarantine database [C:\WINDOWS\system32\findit.xml] 2017-04-14 12:15:27 : [quarantine] - File added to quarantine and removed [C:\WINDOWS\system32\findit.xml] 2017-04-14 12:15:27 : [quarantine] - Added file to quarantine database [C:\WINDOWS\system32\drivers\iSafeKrnlBoot.sys] 2017-04-14 12:15:27 : [quarantine] - File added to quarantine and removed [C:\WINDOWS\system32\drivers\iSafeKrnlBoot.sys] 2017-04-14 12:15:27 : [quarantine] - Added file to quarantine database [C:\WINDOWS\system32\drivers\KuaiZipDrive.sys] 2017-04-14 12:15:27 : [quarantine] - File added to quarantine and removed [C:\WINDOWS\system32\drivers\KuaiZipDrive.sys] 2017-04-14 12:15:27 : [quarantine] - Added file to quarantine database [C:\WINDOWS\rsrcs.dll] 2017-04-14 12:15:27 : [quarantine] - File added to quarantine and removed [C:\WINDOWS\rsrcs.dll] 2017-04-14 12:15:27 : [quarantine] - Added file to quarantine database [C:\Program Files\settings.dat] 2017-04-14 12:15:27 : [quarantine] - File added to quarantine and removed [C:\Program Files\settings.dat] 2017-04-14 12:15:27 : [quarantine] - Added file to quarantine database [C:\Users\Public\Documents\temp.dat] 2017-04-14 12:15:27 : [quarantine] - File added to quarantine and removed [C:\Users\Public\Documents\temp.dat] 2017-04-14 12:15:28 : [quarantine] - Added file to quarantine database [C:\Users\Public\Documents\report.dat] 2017-04-14 12:15:28 : [quarantine] - File added to quarantine and removed [C:\Users\Public\Documents\report.dat] 2017-04-14 12:15:28 : [quarantine] - Added file to quarantine database [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\searchplugins\startpageing123.xml ] 2017-04-14 12:15:28 : [quarantine] - File added to quarantine and removed [C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\a4ycc3sr.default\searchplugins\startpageing123.xml ] 2017-04-14 12:15:28 : [quarantine] - Added file to quarantine database [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage] 2017-04-14 12:15:28 : [quarantine] - File added to quarantine and removed [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage] 2017-04-14 12:15:28 : [quarantine] - Added file to quarantine database [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage-journal] 2017-04-14 12:15:28 : [quarantine] - File added to quarantine and removed [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage-journal] 2017-04-14 12:15:28 : [quarantine] - Added file to quarantine database [C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage] 2017-04-14 12:15:28 : [quarantine] - File added to quarantine and removed [C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage] 2017-04-14 12:15:28 : [clean.files] - Stopping files clean 2017-04-14 12:15:28 : [clean] - Progress: 25% 2017-04-14 12:15:28 : [clean.dll] - Starting DLL clean 2017-04-14 12:15:28 : [clean.dll] - Nothing to clean. 2017-04-14 12:15:28 : [clean.dll] - Stopping DLL clean 2017-04-14 12:15:28 : [clean] - Progress: 30% 2017-04-14 12:15:28 : [clean.wmi] - Starting WMI clean 2017-04-14 12:15:28 : [main.com] - COM Error: 80041017 - 2017-04-14 12:15:28 : [clean.wmi] - Stopping WMI clean 2017-04-14 12:15:28 : [clean] - Progress: 40% 2017-04-14 12:15:28 : [clean.shortcuts] - Starting shortcuts clean 2017-04-14 12:15:28 : [clean.shortcuts] - Nothing to clean. 2017-04-14 12:15:28 : [clean.shortcuts] - Stopping shortcuts clean 2017-04-14 12:15:28 : [clean] - Progress: 50% 2017-04-14 12:15:28 : [clean.tasks] - Starting tasks clean 2017-04-14 12:15:28 : [clean.tasks] - Deleting task Tafewardkinerpy 2017-04-14 12:15:28 : [clean.tasks] - Deleting task Milimili 2017-04-14 12:15:29 : [clean.tasks] - Deleting task iorrt 2017-04-14 12:15:29 : [clean.tasks] - Deleting task Windows-PG 2017-04-14 12:15:29 : [clean.tasks] - Stopping tasks clean 2017-04-14 12:15:29 : [clean] - Progress: 55% 2017-04-14 12:15:29 : [clean.registry] - Starting registry clean 2017-04-14 12:15:29 : [clean.registry] - Cleaning registry 2017-04-14 12:15:30 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\5b952a37-ebad-c0b3-e5d4-92d30f6ce1bc] 2017-04-14 12:15:30 : [quarantine] - Key removed [HKLM\SOFTWARE\5b952a37-ebad-c0b3-e5d4-92d30f6ce1bc] 2017-04-14 12:15:30 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect] 2017-04-14 12:15:30 : [quarantine] - Key removed [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect] 2017-04-14 12:15:31 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService] 2017-04-14 12:15:31 : [quarantine] - Key removed [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService] 2017-04-14 12:15:31 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\FirefoxU] 2017-04-14 12:15:31 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\FirefoxU] 2017-04-14 12:15:31 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare] 2017-04-14 12:15:31 : [quarantine] - Key removed [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare] 2017-04-14 12:15:31 : [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\windowsmangerprotect] 2017-04-14 12:15:32 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\windowsmangerprotect] 2017-04-14 12:15:32 : [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice] 2017-04-14 12:15:32 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice] 2017-04-14 12:15:32 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER] 2017-04-14 12:15:32 : [quarantine] - Key removed [HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER] 2017-04-14 12:15:32 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Fishjanesc] 2017-04-14 12:15:32 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\Fishjanesc] 2017-04-14 12:15:33 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt] 2017-04-14 12:15:33 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt] 2017-04-14 12:15:33 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1] 2017-04-14 12:15:33 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1] 2017-04-14 12:15:33 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu] 2017-04-14 12:15:33 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu] 2017-04-14 12:15:33 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1] 2017-04-14 12:15:33 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1] 2017-04-14 12:15:34 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler] 2017-04-14 12:15:34 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler] 2017-04-14 12:15:34 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1] 2017-04-14 12:15:34 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1] 2017-04-14 12:15:34 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.KzShlobj] 2017-04-14 12:15:34 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.KzShlobj] 2017-04-14 12:15:34 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1] 2017-04-14 12:15:34 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1] 2017-04-14 12:15:35 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.PropertyExt] 2017-04-14 12:15:35 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.PropertyExt] 2017-04-14 12:15:35 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1] 2017-04-14 12:15:35 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1] 2017-04-14 12:15:35 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}] 2017-04-14 12:15:35 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}] 2017-04-14 12:15:35 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}] 2017-04-14 12:15:35 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}] 2017-04-14 12:15:36 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}] 2017-04-14 12:15:36 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}] 2017-04-14 12:15:36 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}] 2017-04-14 12:15:36 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}] 2017-04-14 12:15:36 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}] 2017-04-14 12:15:36 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}] 2017-04-14 12:15:37 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}] 2017-04-14 12:15:37 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}] 2017-04-14 12:15:37 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}] 2017-04-14 12:15:37 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}] 2017-04-14 12:15:37 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID] 2017-04-14 12:15:37 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] 2017-04-14 12:15:37 : [quarantine] - Added registry element to quarantine database [HKU\.DEFAULT\Software\KuaiZip] 2017-04-14 12:15:37 : [quarantine] - Key removed [HKU\.DEFAULT\Software\KuaiZip] 2017-04-14 12:15:38 : [quarantine] - Added registry element to quarantine database [HKU\.DEFAULT\Software\UpgSvr] 2017-04-14 12:15:38 : [quarantine] - Key removed [HKU\.DEFAULT\Software\UpgSvr] 2017-04-14 12:15:38 : [quarantine] - Added registry element to quarantine database [HKU\.DEFAULT\Software\xvb`lj] 2017-04-14 12:15:38 : [quarantine] - Key removed [HKU\.DEFAULT\Software\xvb`lj] 2017-04-14 12:15:38 : [quarantine] - Added registry element to quarantine database [HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:38 : [quarantine] - Key removed [HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:38 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\Installer] 2017-04-14 12:15:38 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\Installer] 2017-04-14 12:15:39 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\AutoTime] 2017-04-14 12:15:39 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\AutoTime] 2017-04-14 12:15:39 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\SNDA] 2017-04-14 12:15:39 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\SNDA] 2017-04-14 12:15:39 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\mtUtatity] 2017-04-14 12:15:39 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\mtUtatity] 2017-04-14 12:15:40 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\MICROSOFT\wewewe] 2017-04-14 12:15:40 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\MICROSOFT\wewewe] 2017-04-14 12:15:40 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\WinSnare] 2017-04-14 12:15:40 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\WinSnare] 2017-04-14 12:15:40 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\dlr] 2017-04-14 12:15:40 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\dlr] 2017-04-14 12:15:41 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\PopWnd] 2017-04-14 12:15:41 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\PopWnd] 2017-04-14 12:15:41 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\UpgSvr] 2017-04-14 12:15:41 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\UpgSvr] 2017-04-14 12:15:41 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\deskapp] 2017-04-14 12:15:41 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\deskapp] 2017-04-14 12:15:41 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:41 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:42 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\AppDataLow\Software\AppTrailers] 2017-04-14 12:15:42 : [quarantine] - Key removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\AppDataLow\Software\AppTrailers] 2017-04-14 12:15:42 : [quarantine] - Can't read key, attempting to delete key on reboot [HKU\S-1-5-18\Software\KuaiZip] 2017-04-14 12:15:42 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-18\Software\KuaiZip] 2017-04-14 12:15:42 : [quarantine] - Can't read key, attempting to delete key on reboot [HKU\S-1-5-18\Software\UpgSvr] 2017-04-14 12:15:42 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-18\Software\UpgSvr] 2017-04-14 12:15:42 : [quarantine] - Can't read key, attempting to delete key on reboot [HKU\S-1-5-18\Software\xvb`lj] 2017-04-14 12:15:43 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-18\Software\xvb`lj] 2017-04-14 12:15:43 : [quarantine] - Can't read key, attempting to delete key on reboot [HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:43 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:43 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\Installer] 2017-04-14 12:15:43 : [quarantine] - Added registry element to quarantine database [HKCU\Software\Installer] 2017-04-14 12:15:43 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\AutoTime] 2017-04-14 12:15:43 : [quarantine] - Added registry element to quarantine database [HKCU\Software\AutoTime] 2017-04-14 12:15:43 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\SNDA] 2017-04-14 12:15:44 : [quarantine] - Added registry element to quarantine database [HKCU\Software\SNDA] 2017-04-14 12:15:44 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\mtUtatity] 2017-04-14 12:15:44 : [quarantine] - Added registry element to quarantine database [HKCU\Software\mtUtatity] 2017-04-14 12:15:44 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\MICROSOFT\wewewe] 2017-04-14 12:15:44 : [quarantine] - Added registry element to quarantine database [HKCU\Software\MICROSOFT\wewewe] 2017-04-14 12:15:44 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\WinSnare] 2017-04-14 12:15:44 : [quarantine] - Added registry element to quarantine database [HKCU\Software\WinSnare] 2017-04-14 12:15:44 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\dlr] 2017-04-14 12:15:45 : [quarantine] - Added registry element to quarantine database [HKCU\Software\dlr] 2017-04-14 12:15:45 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\PopWnd] 2017-04-14 12:15:45 : [quarantine] - Added registry element to quarantine database [HKCU\Software\PopWnd] 2017-04-14 12:15:45 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\UpgSvr] 2017-04-14 12:15:45 : [quarantine] - Added registry element to quarantine database [HKCU\Software\UpgSvr] 2017-04-14 12:15:45 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\deskapp] 2017-04-14 12:15:45 : [quarantine] - Added registry element to quarantine database [HKCU\Software\deskapp] 2017-04-14 12:15:45 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:45 : [quarantine] - Added registry element to quarantine database [HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:45 : [quarantine] - Can't read key, attempting to delete key on reboot [HKCU\Software\AppDataLow\Software\AppTrailers] 2017-04-14 12:15:46 : [quarantine] - Added registry element to quarantine database [HKCU\Software\AppDataLow\Software\AppTrailers] 2017-04-14 12:15:46 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}] 2017-04-14 12:15:46 : [quarantine] - Key removed [HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}] 2017-04-14 12:15:46 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:46 : [quarantine] - Key removed [HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}] 2017-04-14 12:15:46 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}] 2017-04-14 12:15:46 : [quarantine] - Key removed [HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}] 2017-04-14 12:15:47 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}] 2017-04-14 12:15:47 : [quarantine] - Key removed [HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}] 2017-04-14 12:15:47 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\AIM Toolbar] 2017-04-14 12:15:47 : [quarantine] - Key removed [HKLM\SOFTWARE\AIM Toolbar] 2017-04-14 12:15:47 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\AskPartnerNetwork] 2017-04-14 12:15:47 : [quarantine] - Key removed [HKLM\SOFTWARE\AskPartnerNetwork] 2017-04-14 12:15:48 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Conduit] 2017-04-14 12:15:48 : [quarantine] - Key removed [HKLM\SOFTWARE\Conduit] 2017-04-14 12:15:48 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\FFPluginHp] 2017-04-14 12:15:48 : [quarantine] - Key removed [HKLM\SOFTWARE\FFPluginHp] 2017-04-14 12:15:48 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Iminent] 2017-04-14 12:15:48 : [quarantine] - Key removed [HKLM\SOFTWARE\Iminent] 2017-04-14 12:15:48 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\istartsurfSoftware] 2017-04-14 12:15:48 : [quarantine] - Key removed [HKLM\SOFTWARE\istartsurfSoftware] 2017-04-14 12:15:49 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\SearchModule] 2017-04-14 12:15:49 : [quarantine] - Key removed [HKLM\SOFTWARE\SearchModule] 2017-04-14 12:15:49 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\SearchProtect] 2017-04-14 12:15:49 : [quarantine] - Key removed [HKLM\SOFTWARE\SearchProtect] 2017-04-14 12:15:49 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\searchult] 2017-04-14 12:15:49 : [quarantine] - Key removed [HKLM\SOFTWARE\searchult] 2017-04-14 12:15:49 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\SpeedBit] 2017-04-14 12:15:49 : [quarantine] - Key removed [HKLM\SOFTWARE\SpeedBit] 2017-04-14 12:15:49 : [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\SEARCHPROTECT] 2017-04-14 12:15:50 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\SEARCHPROTECT] 2017-04-14 12:15:50 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\youndooSoftware] 2017-04-14 12:15:50 : [quarantine] - Key removed [HKLM\SOFTWARE\youndooSoftware] 2017-04-14 12:15:50 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\OtherSearch] 2017-04-14 12:15:50 : [quarantine] - Key removed [HKLM\SOFTWARE\OtherSearch] 2017-04-14 12:15:50 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\amule-custom] 2017-04-14 12:15:50 : [quarantine] - Key removed [HKLM\SOFTWARE\amule-custom] 2017-04-14 12:15:51 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\mtUtatity] 2017-04-14 12:15:51 : [quarantine] - Key removed [HKLM\SOFTWARE\mtUtatity] 2017-04-14 12:15:51 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\InterSect Alliance] 2017-04-14 12:15:51 : [quarantine] - Key removed [HKLM\SOFTWARE\InterSect Alliance] 2017-04-14 12:15:51 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\startpageing123Software] 2017-04-14 12:15:51 : [quarantine] - Key removed [HKLM\SOFTWARE\startpageing123Software] 2017-04-14 12:15:51 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Fishjane] 2017-04-14 12:15:51 : [quarantine] - Key removed [HKLM\SOFTWARE\Fishjane] 2017-04-14 12:15:52 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\xvb`lj] 2017-04-14 12:15:52 : [quarantine] - Key removed [HKLM\SOFTWARE\xvb`lj] 2017-04-14 12:15:52 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\msServer] 2017-04-14 12:15:52 : [quarantine] - Key removed [HKLM\SOFTWARE\msServer] 2017-04-14 12:15:52 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}] 2017-04-14 12:15:52 : [quarantine] - Key removed [HKLM\SOFTWARE\{84416237-6490-494D-9AD6-4994DD978971}] 2017-04-14 12:15:52 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}] 2017-04-14 12:15:52 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}] 2017-04-14 12:15:52 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] 2017-04-14 12:15:52 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] 2017-04-14 12:15:53 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] 2017-04-14 12:15:53 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] 2017-04-14 12:15:53 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey] 2017-04-14 12:15:53 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey] 2017-04-14 12:15:53 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] 2017-04-14 12:15:53 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] 2017-04-14 12:15:53 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com] 2017-04-14 12:15:53 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com] 2017-04-14 12:15:54 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance] 2017-04-14 12:15:54 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance] 2017-04-14 12:15:54 : [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEARCHPROTECT] 2017-04-14 12:15:54 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEARCHPROTECT] 2017-04-14 12:15:54 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}] 2017-04-14 12:15:54 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}] 2017-04-14 12:15:55 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13D7C2E9-08E7-4889-94FF-87E707184E53}] 2017-04-14 12:15:55 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13D7C2E9-08E7-4889-94FF-87E707184E53}] 2017-04-14 12:15:55 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 2017-04-14 12:15:55 : [quarantine] - Data replaced [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, C:\ProgramData\Utatity\TransLax.dll] 2017-04-14 12:15:55 : [quarantine] - Added registry element to quarantine database [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] 2017-04-14 12:15:55 : [quarantine] - Value removed [HKU\S-1-5-21-1790925875-1115741758-2148593521-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run, msiql] 2017-04-14 12:15:55 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] 2017-04-14 12:15:55 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run, DiskPower] 2017-04-14 12:15:55 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] 2017-04-14 12:15:55 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run, AppTrailers] 2017-04-14 12:15:55 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH] 2017-04-14 12:15:55 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH] 2017-04-14 12:15:56 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe] 2017-04-14 12:15:56 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe] 2017-04-14 12:15:56 : [quarantine] - Added registry element to quarantine database [HKCU\Environment] 2017-04-14 12:15:56 : [quarantine] - Value removed [HKCU\Environment, SNF] 2017-04-14 12:15:56 : [quarantine] - Added registry element to quarantine database [HKCU\Environment] 2017-04-14 12:15:56 : [quarantine] - Value removed [HKCU\Environment, SNP] 2017-04-14 12:15:56 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}] 2017-04-14 12:15:56 : [quarantine] - Key removed [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}] 2017-04-14 12:15:57 : [quarantine] - Added registry element to quarantine database [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}] 2017-04-14 12:15:57 : [quarantine] - Key removed [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}] 2017-04-14 12:15:57 : [quarantine] - Can't read key, attempting to delete key on reboot [HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH] 2017-04-14 12:15:57 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH] 2017-04-14 12:15:57 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] 2017-04-14 12:15:57 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, KuaiZip Shell Extension] 2017-04-14 12:15:57 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 2017-04-14 12:15:57 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, kuaizipupdatesvc] 2017-04-14 12:15:57 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj] 2017-04-14 12:15:58 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj] 2017-04-14 12:15:58 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9] 2017-04-14 12:15:58 : [quarantine] - Key removed [HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9] 2017-04-14 12:15:58 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt] 2017-04-14 12:15:58 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt] 2017-04-14 12:15:59 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt] 2017-04-14 12:15:59 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt] 2017-04-14 12:15:59 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL] 2017-04-14 12:15:59 : [quarantine] - Key removed [HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL] 2017-04-14 12:15:59 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 2017-04-14 12:15:59 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, WinSAPSvc] 2017-04-14 12:15:59 : [quarantine] - Added registry element to quarantine database [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt] 2017-04-14 12:15:59 : [quarantine] - Key removed [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt] 2017-04-14 12:16:00 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Utatity.exe] 2017-04-14 12:16:00 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Utatity.exe] 2017-04-14 12:16:00 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe] 2017-04-14 12:16:00 : [quarantine] - Key removed [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utatity.exe] 2017-04-14 12:16:00 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 2017-04-14 12:16:00 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, WinSnare] 2017-04-14 12:16:01 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] 2017-04-14 12:16:01 : [quarantine] - Can't remove key|value [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost, WinSnare] 2017-04-14 12:16:01 : [quarantine] - Removed row from quarantine database [registry, tfn, C:\AdwCleaner\quarantine\registry\reg_njvfhogxuefhcqduvsfaflkwoyqpgwny.reg] 2017-04-14 12:16:01 : [quarantine] - Added registry element to quarantine database [HKCU\SOFTWARE\Classes\ChromeHTML] 2017-04-14 12:16:01 : [quarantine] - Key removed [HKCU\SOFTWARE\Classes\ChromeHTML] 2017-04-14 12:16:01 : [quarantine] - Added registry element to quarantine database [HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML] 2017-04-14 12:16:01 : [quarantine] - Key removed [HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML] 2017-04-14 12:16:02 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 2017-04-14 12:16:02 : [quarantine] - Can't remove key|value [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, WINSNARE] 2017-04-14 12:16:02 : [quarantine] - Removed row from quarantine database [registry, tfn, C:\AdwCleaner\quarantine\registry\reg_epnamkofhoajomzuiwjqbkxziiosppbt.reg] 2017-04-14 12:16:02 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 2017-04-14 12:16:02 : [quarantine] - Value removed [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, SNARER] 2017-04-14 12:16:02 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Mozilla\Firefox\Extensions] 2017-04-14 12:16:02 : [quarantine] - Value removed [HKLM\SOFTWARE\Mozilla\Firefox\Extensions, searchffv2@gmail.com] 2017-04-14 12:16:02 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Mozilla\Firefox\Extensions] 2017-04-14 12:16:02 : [quarantine] - Value removed [HKLM\SOFTWARE\Mozilla\Firefox\Extensions, sweetsearch@gmail.com] 2017-04-14 12:16:02 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Mozilla\Firefox\Extensions] 2017-04-14 12:16:02 : [quarantine] - Can't remove key|value [HKLM\SOFTWARE\Mozilla\Firefox\Extensions, searchffv2@gmail.com] 2017-04-14 12:16:03 : [quarantine] - Removed row from quarantine database [registry, tfn, C:\AdwCleaner\quarantine\registry\reg_kgqdpzeywltczyupzajemgntlowhyaky.reg] 2017-04-14 12:16:03 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Mozilla\Firefox\Extensions] 2017-04-14 12:16:03 : [quarantine] - Can't remove key|value [HKLM\SOFTWARE\Mozilla\Firefox\Extensions, sweetsearch@gmail.com] 2017-04-14 12:16:03 : [quarantine] - Removed row from quarantine database [registry, tfn, C:\AdwCleaner\quarantine\registry\reg_msckufketnafwmltuaxghctfdyyzqptc.reg] 2017-04-14 12:16:03 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Mozilla\Firefox\Extensions] 2017-04-14 12:16:03 : [quarantine] - Can't remove key|value [HKLM\SOFTWARE\Mozilla\Firefox\Extensions, searchffv2@gmail.com] 2017-04-14 12:16:03 : [quarantine] - Removed row from quarantine database [registry, tfn, C:\AdwCleaner\quarantine\registry\reg_vejxxmqjlpdzgvfemxafdlpyqkrbmdph.reg] 2017-04-14 12:16:04 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Mozilla\Firefox\Extensions] 2017-04-14 12:16:04 : [quarantine] - Can't remove key|value [HKLM\SOFTWARE\Mozilla\Firefox\Extensions, sweetsearch@gmail.com] 2017-04-14 12:16:04 : [quarantine] - Removed row from quarantine database [registry, tfn, C:\AdwCleaner\quarantine\registry\reg_lzsxdzhvzderydfdxnnayhwkeyhtwlnz.reg] 2017-04-14 12:16:04 : [quarantine] - Added registry element to quarantine database [HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa] 2017-04-14 12:16:04 : [quarantine] - Key removed [HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa] 2017-04-14 12:16:04 : [quarantine] - Added registry element to quarantine database [HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] 2017-04-14 12:16:04 : [quarantine] - Key removed [HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] 2017-04-14 12:16:04 : [clean.registry] - Registry cleaned 2017-04-14 12:16:04 : [clean.registry] - Stopping registry clean 2017-04-14 12:16:04 : [clean] - Progress: 75% 2017-04-14 12:16:04 : [clean.firefox] - Starting Firefox based browsers clean 2017-04-14 12:16:04 : [clean.registry] - Nothing to clean. 2017-04-14 12:16:04 : [clean.firefox] - Stopping Firefox based browsers clean 2017-04-14 12:16:04 : [clean] - Progress: 85% 2017-04-14 12:16:04 : [clean.chromium] - Starting Chromium based browsers clean 2017-04-14 12:16:04 : [scan.chromium] - Cleaning Chromium based browsers based preferences 2017-04-14 12:16:48 : [scan.chromium] - Cleaning done 2017-04-14 12:16:48 : [clean.chromium] - Stopping Chromium based browsers clean 2017-04-14 12:16:48 : [quarantine] - Quarantine database closed 2017-04-14 12:16:48 : [clean] - Progress: 95% 2017-04-14 12:16:48 : [clean.options] - Tracings keys 2017-04-14 12:16:48 : [main] - Deleting Tracing Keys 2017-04-14 12:16:48 : [clean.options] - Winsock reset 2017-04-14 12:16:48 : [main] - Resetting Winsock 2017-04-14 12:16:50 : [clean.options] - IFEO keys 2017-04-14 12:16:50 : [clean.options] - Prefetch files 2017-04-14 12:16:50 : [clean.options] - Proxy reset 2017-04-14 12:16:50 : [clean.options] - TCP/IP reset 2017-04-14 12:16:50 : [clean.options] - Firewall rules reset 2017-04-14 12:16:50 : [clean.options] - IPSec reset 2017-04-14 12:16:50 : [clean.options] - BITS flush 2017-04-14 12:16:50 : [clean.options] - IE policies reset 2017-04-14 12:16:50 : [clean.options] - Chrome policies reset 2017-04-14 12:16:50 : [clean.options] - Chrome preferences reset 2017-04-14 12:16:50 : [clean.options] - Hosts reset 2017-04-14 12:16:50 : [clean] - Progress: 100% 2017-04-14 12:16:50 : [clean] - Stopping clean 2017-04-14 12:16:52 : [main.stats] - Error while sending stats 2017-04-14 12:17:39 : [clean] - Reboot