# AdwCleaner v5.119 - Logfile created 13/06/2016 at 16:58:15
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 8.1 Pro (X64)
# Username : pc user - AIDRIAN
# Running from : C:\Users\pc user\Downloads\adwcleaner_5.119.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : QMUdisk
Service Found : TS888x64
Service Found : Program Manager

***** [ Folders ] *****

Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\Tmp0x0x
Folder Found : C:\ProgramData\TXQMPC
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\13438947756880973375
Folder Found : C:\ProgramData\{0b4c8161-0ef9-03b1-0b4c-c81610ef0584}
Folder Found : C:\ProgramData\Application Data\apn
Folder Found : C:\ProgramData\Application Data\tencent
Folder Found : C:\ProgramData\Application Data\Tmp0x0x
Folder Found : C:\ProgramData\Application Data\TXQMPC
Folder Found : C:\ProgramData\Application Data\ytd video downloader
Folder Found : C:\ProgramData\Application Data\13438947756880973375
Folder Found : C:\ProgramData\Application Data\{0b4c8161-0ef9-03b1-0b4c-c81610ef0584}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÃÀͼä¯ÀÀ
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Program Files (x86)\Window Update
Folder Found : C:\Program Files (x86)\yessearches-bnd
Folder Found : C:\Program Files (x86)\YTD Toolbar
Folder Found : C:\Program Files (x86)\Winsere
Folder Found : C:\Program Files (x86)\WinTaske
Folder Found : C:\Program Files (x86)\QQBrowser
Folder Found : C:\Program Files (x86)\Yahoo!\yset
Folder Found : C:\Program Files (x86)\Common Files\ProgramManager
Folder Found : C:\Program Files (x86)\Common Files\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Application Updater
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Folder Found : C:\Users\pc user\AppData\Local\MalwareProtectionLive
Folder Found : C:\Users\pc user\AppData\Local\YSearchUtil
Folder Found : C:\Users\pc user\AppData\LocalLow\ytd
Folder Found : C:\Users\pc user\AppData\Roaming\BrowserExtensions
Folder Found : C:\Users\pc user\AppData\Roaming\eCyber
Folder Found : C:\Users\pc user\AppData\Roaming\OpenCandy
Folder Found : C:\Users\pc user\AppData\Roaming\RPEng
Folder Found : C:\Users\pc user\AppData\Roaming\Settings Manager
Folder Found : C:\Users\pc user\AppData\Roaming\SSN
Folder Found : C:\Users\pc user\AppData\Roaming\tencent
Folder Found : C:\Users\pc user\AppData\Roaming\Update Manager
Folder Found : C:\Users\pc user\AppData\Roaming\WinZiper
Folder Found : C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found : C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found : C:\Users\pc user\Desktop\tencent
Folder Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\extensions\staged\{23BA1545-A651-4EDB-9568-45BE0CBAE475}
Folder Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com
Folder Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{1b80ae74-4912-44fc-9f27-30f9252a5ad7}
Folder Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{24d26487-6274-48b1-b500-22f24884f971}
Folder Found : C:\Users\pc user\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccgmfdmilggeicjlilfkdccihkkdiagj
Folder Found : C:\Program Files\Common Files\tencent
Folder Found : C:\Users\pc user\AppData\Local\VirtualStore\Program Files (x86)\tencent
Folder Found : C:\Users\Public\Documents\dmp

***** [ Files ] *****

File Found : C:\omniboxes.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
File Found : C:\Windows\SysWOW64\lavasofttcpservice.dll
File Found : C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
File Found : C:\Windows\SysWOW64\drivers\TS888x64.sys
File Found : C:\Users\pc user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÃÀͼä¯ÀÀ.lnk
File Found : C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
File Found : C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aliexpress .lnk
File Found : C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booking .lnk
File Found : C:\Users\pc user\Desktop\Booking.URL
File Found : C:\Users\pc user\Desktop\Aliexpress.URL
File Found : C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÃÀͼä¯ÀÀ.lnk
File Found : C:\Users\Guest\Desktop\Facebook.lnk
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\yahoo_ff.xml
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\search-provided-by-yahoo.xml
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\default.xml
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\invalidprefs.js
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo_ff.xml
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\default.xml
File Found : C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo-lavasoft.xml
File Found : C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
File Found : C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
File Found : C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\pc user\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_ccgmfdmilggeicjlilfkdccihkkdiagj_0.localstorage
File Found : C:\Windows\SysNative\LavasoftTcpService64.dll
File Found : C:\Windows\SysNative\LavasoftTcpServiceOff.ini
File Found : C:\Windows\SysNative\drivers\TFsFltX64.sys

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : updateTask
Task Found : task Update
Task Found : WinTaske
Task Found : Browser Updater Task(Core)

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Key Found : HKEY_CLASSES_ROOT\.qmgc
Key Found : HKLM\SOFTWARE\Classes\WinZippers.001
Key Found : HKLM\SOFTWARE\Classes\WinZippers.7z
Key Found : HKLM\SOFTWARE\Classes\WinZippers.arj
Key Found : HKLM\SOFTWARE\Classes\WinZippers.bz2
Key Found : HKLM\SOFTWARE\Classes\WinZippers.bzip2
Key Found : HKLM\SOFTWARE\Classes\WinZippers.cab
Key Found : HKLM\SOFTWARE\Classes\WinZippers.cpio
Key Found : HKLM\SOFTWARE\Classes\WinZippers.deb
Key Found : HKLM\SOFTWARE\Classes\WinZippers.dmg
Key Found : HKLM\SOFTWARE\Classes\WinZippers.fat
Key Found : HKLM\SOFTWARE\Classes\WinZippers.gz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.gzip
Key Found : HKLM\SOFTWARE\Classes\WinZippers.hfs
Key Found : HKLM\SOFTWARE\Classes\WinZippers.iso
Key Found : HKLM\SOFTWARE\Classes\WinZippers.lha
Key Found : HKLM\SOFTWARE\Classes\WinZippers.lzh
Key Found : HKLM\SOFTWARE\Classes\WinZippers.lzma
Key Found : HKLM\SOFTWARE\Classes\WinZippers.ntfs
Key Found : HKLM\SOFTWARE\Classes\WinZippers.rar
Key Found : HKLM\SOFTWARE\Classes\WinZippers.rpm
Key Found : HKLM\SOFTWARE\Classes\WinZippers.squashfs
Key Found : HKLM\SOFTWARE\Classes\WinZippers.swm
Key Found : HKLM\SOFTWARE\Classes\WinZippers.tar
Key Found : HKLM\SOFTWARE\Classes\WinZippers.taz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.tbz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.tbz2
Key Found : HKLM\SOFTWARE\Classes\WinZippers.tgz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.tpz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.txz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.vhd
Key Found : HKLM\SOFTWARE\Classes\WinZippers.wim
Key Found : HKLM\SOFTWARE\Classes\WinZippers.xar
Key Found : HKLM\SOFTWARE\Classes\WinZippers.xz
Key Found : HKLM\SOFTWARE\Classes\WinZippers.z
Key Found : HKLM\SOFTWARE\Classes\WinZippers.zip
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
Key Found : HKLM\SOFTWARE\Classes\metnsd
Key Found : HKLM\SOFTWARE\Classes\MTview.bmp
Key Found : HKLM\SOFTWARE\Classes\MTview.dib
Key Found : HKLM\SOFTWARE\Classes\MTview.emf
Key Found : HKLM\SOFTWARE\Classes\MTview.exif
Key Found : HKLM\SOFTWARE\Classes\MTview.gif
Key Found : HKLM\SOFTWARE\Classes\MTview.ico
Key Found : HKLM\SOFTWARE\Classes\MTview.jfif
Key Found : HKLM\SOFTWARE\Classes\MTview.jpe
Key Found : HKLM\SOFTWARE\Classes\MTview.jpeg
Key Found : HKLM\SOFTWARE\Classes\MTview.jpg
Key Found : HKLM\SOFTWARE\Classes\MTview.png
Key Found : HKLM\SOFTWARE\Classes\MTview.tif
Key Found : HKLM\SOFTWARE\Classes\MTview.tiff
Key Found : HKLM\SOFTWARE\Classes\MTview.wmf
Key Found : HKLM\SOFTWARE\Classes\qmgcfiles
Key Found : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKCU\Software\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Found : HKCU\Software\genieo
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\ssn
Key Found : HKCU\Software\WajIEnhance
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\yahooprovidedsearch
Key Found : HKCU\Software\STA
Key Found : HKCU\Software\YTD
Key Found : HKCU\Software\csastats
Key Found : HKCU\Software\GreenTree Applications\YTD
Key Found : HKCU\Software\AppDataLow\Software\Browser Extensions
Key Found : HKCU\Software\AppDataLow\Software\Settings Manager
Key Found : HKCU\Software\AppDataLow\Software\YTD
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\hdcode
Key Found : HKLM\SOFTWARE\omniboxesSoftware
Key Found : HKLM\SOFTWARE\yessearchesSoftware
Key Found : HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found : HKLM\SOFTWARE\YTD
Key Found : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96F04C1B-E352-4A90-BED4-11A0FA968BC2}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found : [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\genieo
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Mozilla\Extends
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\PRODUCTSETUP
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\ssn
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\WajIEnhance
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\WEBAPP
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\yahooprovidedsearch
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\STA
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\YTD
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\csastats
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\GreenTree Applications\YTD
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\AppDataLow\Software\Browser Extensions
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\AppDataLow\Software\Settings Manager
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\AppDataLow\Software\YTD
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Found : HKU\S-1-5-18\Software\AskPartnerNetwork
Key Found : HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_16_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDyEzzyEtD0D0BtCtCtA0AtN0D0Tzu0StCyCtByEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByBtDzzzzyDzytBtGyEtA0FtBtGyE0B0A0BtGtByB0ByEtGtByC0DtByByDtC0DyE0CtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtD0F0AzzyEzztDtG0BtDyByBtGyEyByBtBtGzz0F0E0FtGtDtBtBtCyBtDzyzzzyyC0Ezy2QtN0A0LzuyE%26cr%3D436527993%26a%3Dwncy_gmmedply_16_23%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDyEzzyEtD0D0BtCtCtA0AtN0D0Tzu0StCyCtBtDtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StC0FtAtB0DtDtCzytGyB0A0FyCtGyEtDzzyDtGyDzyyBtBtG0FyC0FyBtDtByD0A0FyE0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtD0F0AzzyEzztDtG0BtDyByBtGyEyByBtBtGzz0F0E0FtGtDtBtBtCyBtDzyzzzyyC0Ezy2QtN0A0LzuyE%26cr%3D1810272187%26a%3Dwbf_ir_16_23%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_16_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDyEzzyEtD0D0BtCtCtA0AtN0D0Tzu0StCyCtByEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByBtDzzzzyDzytBtGyEtA0FtBtGyE0B0A0BtGtByB0ByEtGtByC0DtByByDtC0DyE0CtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtD0F0AzzyEzztDtG0BtDyByBtGyEyByBtBtGzz0F0E0FtGtDtBtBtCyBtDzyzzzyyC0Ezy2QtN0A0LzuyE%26cr%3D436527993%26a%3Dwncy_gmmedply_16_23%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_16_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDyEzzyEtD0D0BtCtCtA0AtN0D0Tzu0StCyCtByEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByBtDzzzzyDzytBtGyEtA0FtBtGyE0B0A0BtGtByB0ByEtGtByC0DtByByDtC0DyE0CtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtD0F0AzzyEzztDtG0BtDyByBtGyEyByBtBtGzz0F0E0FtGtDtBtBtCyBtDzyzzzyyC0Ezy2QtN0A0LzuyE%26cr%3D436527993%26a%3Dwncy_gmmedply_16_23%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
Data Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_16_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDyEzzyEtD0D0BtCtCtA0AtN0D0Tzu0StCyCtByEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyByBtDzzzzyDzytBtGyEtA0FtBtGyE0B0A0BtGtByB0ByEtGtByC0DtByByDtC0DyE0CtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtD0F0AzzyEzztDtG0BtDyByBtGyEyByBtBtGzz0F0E0FtGtDtBtBtCyBtDzyzzzyyC0Ezy2QtN0A0LzuyE%26cr%3D436527993%26a%3Dwncy_gmmedply_16_23%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
Data Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_23&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDtA0F0DyDyEzzyEtD0D0BtCtCtA0AtN0D0Tzu0StCyCtBtDtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StC0FtAtB0DtDtCzytGyB0A0FyCtGyEtDzzyDtGyDzyyBtBtG0FyC0FyBtDtByD0A0FyE0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtD0F0AzzyEzztDtG0BtDyByBtGyEyByBtBtGzz0F0E0FtGtDtBtBtCyBtDzyzzzyyC0Ezy2QtN0A0LzuyE%26cr%3D1810272187%26a%3Dwbf_ir_16_23%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DED0806E-053D-4B42-9F4F-30BBBB84E84B}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{8CD75710-60A8-4157-8BB0-02042258119E}]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5B58C278-EA94-46BD-B210-A602B132EC10}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{65462EB1-B783-4702-8C0A-37B011E40328}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1A1350F-46D1-40E7-B1EE-7DCFE145099C}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {A1A1350F-46D1-40E7-B1EE-7DCFE145099C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B58C278-EA94-46BD-B210-A602B132EC10}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B58C278-EA94-46BD-B210-A602B132EC10}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5B58C278-EA94-46BD-B210-A602B132EC10}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\SearchScopes\{65462EB1-B783-4702-8C0A-37B011E40328}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A1A1350F-46D1-40E7-B1EE-7DCFE145099C}
Data Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {A1A1350F-46D1-40E7-B1EE-7DCFE145099C}
Key Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Extensions]
Value Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Windows\CurrentVersion\Run [Browser Extensions]
Value Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [GenieoSystemTray]
Value Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [GenieoUpdaterService]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SearchSettings]
Value Found : HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ssn]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService

***** [ Web browsers ] *****

[C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\prefs.js] Found : user_pref("extensions.JSksw4LMIjOvtenE.scode", "(function(){try{if(window.location.href.indexOf(\"pjs8pdg8pjY9pdg5rTU7rjwHrY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\prefs.js] Found : \",\"websearch.mocaflix.com\",\"search.easylifeapp.com\",\"searchy.easylifeapp.com\",\"us.yhs4.search.yahoo.com\",\"search.gboxapp.com\",\"searchiy.gboxapp.com\",\"bestonlinegadgetguide.com\",\"odpu.c[...]
[C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\prefs.js] Found : he-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|ama[...]
[C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\prefs.js] Found : Element(e),k=e.parentNode;k.insertBefore(g,e);k.removeChild(e)}}};this[\"superfiles.com\"]=new function(){this.init=function(){for(var d=\r\nh.utils.query_selector_all(\"#tag_download\"),a=0;a